CVE-2026-10189
Description
Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) via cgiSysTimeInfoSet allows remote attackers to cause a crash or potentially execute code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) via cgiSysTimeInfoSet allows remote attackers to cause a crash or potentially execute code.
Vulnerability
The vulnerability is a stack-based buffer overflow in the cgiSysTimeInfoSet function within /bin/httpd of Tenda W12 firmware version 3.0.0.7(4763). The overflow occurs when handling the sec argument. Affected versions include 3.0.0.7(4763) and possibly earlier releases [1].
Exploitation
An attacker can trigger this remotely by sending a crafted HTTP request to the vulnerable endpoint with an overly long sec parameter. No authentication is required as the function is accessible without credentials. The exploit has been publicly disclosed, increasing the risk of active exploitation.
Impact
Successful exploitation could lead to a stack-based buffer overflow, potentially causing a denial of service (crash) or arbitrary code execution with the privileges of the httpd process. The exact impact depends on the attacker's payload.
Mitigation
As of the publication date, no official patch has been released by Tenda. Users should monitor Tenda's website [1] for firmware updates. Until a fix is available, consider restricting network access to the device or disabling the vulnerable functionality if possible.
AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.