CVE-2026-10191
Description
Stack-based buffer overflow in Tenda W12 router's cgiWifiMacFilterSet function allows remote unauthenticated attackers to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability exists in firmware version 3.0.0.7(4763) of the Tenda W12 router [1]. The function cgiWifiMacFilterSet in the /bin/httpd binary is vulnerable to a stack-based buffer overflow when processing the wifiMacFilterSet.macList.mac argument. An attacker can send a specially crafted HTTP request to trigger the overflow.
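The firmware's own code is not shown on this page; the following added example (not Tenda's code) illustrates the kind of length and format check whose absence leads to this class of overflow when a MAC list is copied into fixed-size stack storage. The function names, the ';' separator and the table size of 8 are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAC_STR_LEN 17   /* "aa:bb:cc:dd:ee:ff" */
#define MAX_MACS    8    /* assumed table size, not taken from the firmware */

/* Return 1 if s[0..len) is exactly one colon-separated MAC address. */
static int is_mac(const char *s, size_t len)
{
    if (len != MAC_STR_LEN)
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Parse a ';'-separated MAC list (separator is an assumption) into a fixed
 * table. Returns the entry count, or -1 if a token is malformed or over-long
 * or the list has more than MAX_MACS entries. Each token's length is checked
 * before any byte is copied, so the copy can never exceed the destination. */
int parse_mac_list(const char *value, char out[MAX_MACS][MAC_STR_LEN + 1])
{
    int n = 0;
    for (const char *p = value;;) {
        size_t len = strcspn(p, ";");
        if (n == MAX_MACS || !is_mac(p, len))
            return -1;
        memcpy(out[n], p, MAC_STR_LEN);
        out[n++][MAC_STR_LEN] = '\0';
        if (p[len] == '\0')
            return n;
        p += len + 1;
    }
}

/* Validate only: parse into a stack table, as a request handler would. */
int mac_list_ok(const char *value)
{
    char table[MAX_MACS][MAC_STR_LEN + 1];
    return parse_mac_list(value, table);
}
```

The same check can run in a filtering proxy in front of the management interface, rejecting any request whose MAC list does not parse.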
Exploitation
The attack can be initiated remotely without authentication. The attacker sends a malicious HTTP POST request to the vulnerable endpoint with an overly long value for the wifiMacFilterSet.macList.mac parameter. The exploit has been publicly disclosed, increasing the risk of active exploitation.
Impact
Successful exploitation allows an attacker to achieve arbitrary code execution on the device. Because the overflow occurs on the stack, the attacker can overwrite return addresses and control program flow, potentially gaining full control of the router. This could lead to network compromise, data exfiltration, or use of the device in botnets.
Mitigation
As of the publication date (2026-05-31), no official patch has been released by Tenda. The vendor's website [1] does not provide a security advisory for this issue. Users should consider restricting remote access to the router's management interface, applying network segmentation, or replacing the device if possible. Monitor for firmware updates from Tenda.
AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 6
News mentions: 0
No linked articles in our index yet.