CVE-2026-10190
Description
Tenda W12 3.0.0.7(4763) web interface has a DoS vulnerability via the web_over_time argument in cgiSysWebTimeoutSet, exploitable remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Tenda W12 3.0.0.7(4763) web interface has a DoS vulnerability via the web_over_time argument in cgiSysWebTimeoutSet, exploitable remotely.
Vulnerability
The vulnerability exists in the web management interface of Tenda W12 router firmware version 3.0.0.7(4763). The function cgiSysWebTimeoutSet in /bin/httpd does not properly validate the web_over_time argument, leading to a denial of service condition. [1]
Exploitation
An attacker can send a specially crafted HTTP request to the web management interface with a malicious web_over_time parameter. No authentication is required as the interface may be exposed. The attack can be launched remotely over the network. The exploit has been publicly disclosed. [1]
Impact
Successful exploitation causes the web management interface to become unresponsive, resulting in a denial of service. The router's functionality may be disrupted until a reboot. No data is compromised, but availability is affected.
Mitigation
As of the publication date (2026-05-31), no official fix has been released by Tenda. Users should restrict access to the web management interface to trusted networks and consider disabling remote administration if not required. Monitor vendor updates for a firmware patch. [1]
AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.