CVE-2026-10189
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in Tenda W12 Router

Publication date: 2026-05-31

Last updated on: 2026-05-31

Assigner: VulDB

Description
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-31
Last Modified
2026-05-31
Generated
2026-06-20
AI Q&A
2026-05-31
EPSS Evaluated
2026-06-19
NVD
CVE-2026-10189
EUVD
EUVD-2026-33511
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda w12 3.0.0.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10189 is a buffer overflow vulnerability found in the cgiSysTimeInfoSet function of the Tenda W12 device firmware version 3.0.0.7(4763). Specifically, the vulnerability arises from improper handling of the 'sec' argument, which leads to a stack-based buffer overflow.

This flaw can be exploited remotely by sending specially crafted input that exceeds the allocated buffer size, potentially allowing an attacker to execute arbitrary code or cause a denial of service on the affected device.

Impact Analysis

The vulnerability can have severe impacts including remote code execution and denial of service on the affected Tenda W12 device. An attacker exploiting this flaw could gain control over the device, disrupt its normal operation, or use it as a foothold to launch further attacks within a network.

  • Remote code execution allowing full control of the device.
  • Denial of service causing the device or service to crash or become unavailable.
  • Potential compromise of network security if the device is part of a larger infrastructure.
Detection Guidance

This vulnerability affects the cgiSysTimeInfoSet function in the /bin/httpd service of Tenda W12 devices. Detection can involve monitoring for unusual or specially crafted HTTP requests targeting the cgiSysTimeInfoSet endpoint, especially those manipulating the 'sec' argument to trigger a buffer overflow.

Since the vulnerability is triggered by sending crafted input to the web interface, you can use network inspection tools or command-line utilities to detect such attempts.

  • Use curl or wget to send test requests to the vulnerable CGI endpoint and observe responses, for example: curl -v http://<device-ip>/cgiSysTimeInfoSet?sec=<malicious_payload>
  • Use network packet capture tools like tcpdump or Wireshark to monitor HTTP traffic for suspicious requests targeting /cgiSysTimeInfoSet.
  • Check device logs for crashes or unusual behavior related to the /bin/httpd process, which may indicate exploitation attempts.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable web interface to trusted networks only, such as by using firewall rules or network segmentation.

Avoid exposing the device's management interface to the internet or untrusted networks to reduce the risk of remote exploitation.

Monitor the device for signs of exploitation, such as crashes or unexpected behavior of the /bin/httpd process.

If available, apply any official patches or firmware updates from the vendor that address this vulnerability.

As a temporary measure, consider disabling the vulnerable CGI function or the web management interface if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10189. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart