CVE-2026-10188
Stack-Based Buffer Overflow in Tenda W12 Router
Publication date: 2026-05-31
Last updated on: 2026-05-31
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w12 | 3.0.0.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-10188 is a buffer overflow vulnerability found in the Tenda W12 router, specifically in the cgistaKickOff function of the /bin/httpd file. This flaw occurs when a specially crafted argument (staMac) is manipulated, leading to a stack-based buffer overflow. The vulnerability can be exploited remotely by sending a malicious packet to the device, causing memory corruption.
This overflow can allow attackers to execute arbitrary code on the router, potentially taking full control of the device.
How can this vulnerability impact me? :
The vulnerability can have severe impacts as it allows remote attackers to execute arbitrary code on the affected Tenda W12 router. This means an attacker could take control of the router, potentially intercepting, modifying, or disrupting network traffic.
Such control could lead to unauthorized access to your network, data theft, network downtime, or the router being used as part of a botnet or other malicious activities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for specially crafted packets targeting the cgistaKickOff function of the Tenda W12 router. Since the exploit involves sending malicious input to the device, network traffic analysis tools can be used to identify unusual or malformed packets directed at the router.
Additionally, proof-of-concept (PoC) code such as poc2.py exists to demonstrate the exploit, which can be used in a controlled environment to test if the device is vulnerable.
Specific commands are not provided in the available resources, but typical detection methods might include using packet capture tools like tcpdump or Wireshark to filter for suspicious packets sent to the router's management interface.
What immediate steps should I take to mitigate this vulnerability?
The immediate recommended step to mitigate this vulnerability is to update the Tenda W12 router firmware to the latest version provided by the vendor.
Applying the firmware update will patch the buffer overflow flaw in the cgistaKickOff function, preventing exploitation and potential remote code execution.
In addition, it is advisable to monitor network traffic for suspicious activity and restrict remote access to the router's management interface to trusted sources only.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.