Which versions of Tenda W12 are affected by EUVD-2026-33514?

Tenda W12 devices running firmware 3.0.0.7(4763) contain a remote memory corruption vulnerability (CVE-2026-10192) accessible via the HTTP daemon; publicly available exploit code exists, creating…

Is there a public PoC exploit available for EUVD-2026-33514?

Yes, a public proof-of-concept exploit is available for EUVD-2026-33514. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2026-33514?

24 hours: Inventory all Tenda W12 devices in production, identifying those running firmware 3.0.0.7(4763) or earlier, and document network locations and criticality levels. 7 days: Implement network segmentation to isolate vulnerable devices from sensitive network segments; disable HTTP/HTTPS-based remote management if operationally feasible; deploy firewall ACLs to restrict administrative access. 30 days: Establish formal escalation with Tenda for patch timeline; upon patch release, deploy to all affected devices within 48 hours; if no patch timeline emerges within 30 days, initiate procurement of replacement devices from vendors with active security support.

Tenda W12 EUVD-2026-33514

Q: What is the CVSS score of EUVD-2026-33514?

EUVD-2026-33514 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-10192 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-31 VulDB

GHSA-hxxc-3ccm-q96j

Buffer Overflow Tenda Stack Overflow

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

May 31, 2026 - 17:28 vuln.today

v3 (cvss_changed)

Analysis Updated

May 31, 2026 - 17:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 31, 2026 - 17:22 vuln.today

cvss_changed

CVSS changed

May 31, 2026 - 17:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

May 31, 2026 - 16:50 vuln.today

DescriptionCVE.org

A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

AnalysisAI

Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers to corrupt memory in the embedded HTTP daemon by supplying a crafted Time argument to the set_local_time_0 function in /bin/httpd. Publicly available exploit code exists, and the CVSS 4.0 base score of 7.4 reflects high impact to confidentiality, integrity, and availability with low-privilege network access. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify exposed Tenda W12 mgmt interface

Delivery

Authenticate with low-privilege credentials

Exploit

Send crafted Time argument to /bin/httpd

Install

Trigger stack overflow in set_local_time_0

Hijack saved return address

Execute

Execute code as httpd

Impact

Pivot into wireless LAN

Recon

Identify exposed Tenda W12 mgmt interface

Delivery

Authenticate with low-privilege credentials

Exploit

Send crafted Time argument to /bin/httpd

Install

Trigger stack overflow in set_local_time_0

Hijack saved return address

Execute

Execute code as httpd

Impact

Pivot into wireless LAN

Vulnerability AssessmentAI

Exploitation	Exploitation requires network reachability to the Tenda W12's HTTP management daemon (/bin/httpd) on an affected device running firmware 3.0.0.7(4763), plus low-privilege credentials to the web UI as indicated by CVSS PR:L - typical attack paths therefore depend on the management interface being accessible from the attacker's network position (LAN, exposed WAN, or guest VLAN with reachability) and on weak, default, or otherwise obtained admin/operator credentials. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H with E:P scores 7.4 and indicates a network-reachable, low-complexity attack that nonetheless requires some level of authenticated access (PR:L) to the web management interface - meaning real-world risk is highest where default or weak admin credentials remain, or where the panel is exposed to untrusted networks. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who has obtained or guessed low-privilege web UI credentials (or who reaches an exposed management interface using default Tenda credentials) sends a crafted HTTP request to the time-setting endpoint of /bin/httpd with an oversized Time argument, overflowing the stack buffer in set_local_time_0. Using the publicly available proof-of-concept archive (set_local_time_0_overflow.zip), they overwrite the saved return address to execute attacker-controlled code as the httpd process, gaining persistent control over the access point and a pivot into the wireless network.
Remediation	No vendor-released patch identified at time of analysis; administrators should monitor https://www.tenda.com.cn/ for an updated W12 firmware image superseding 3.0.0.7(4763) and apply it as soon as it is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Inventory all Tenda W12 devices in production, identifying those running firmware 3.0.0.7(4763) or earlier, and document network locations and criticality levels. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p

CVE-2026-38061 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum

CVE-2026-38062 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat

CVE-2026-38063 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

EUVD-2026-33514 vulnerability details – vuln.today

Back

Tenda W12 EUVD-2026-33514

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code