CVE-2026-10189

A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

high 8.8 CVSS 3.1

Published: May 31, 2026

Modified: Jun 1, 2026

Description

A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References

http://cdn2.v50to.cc/cgiSysTimeInfoSet_overflow.zip
https://vuldb.com/cve/CVE-2026-10189
https://vuldb.com/submit/820021
https://vuldb.com/vuln/367470
https://vuldb.com/vuln/367470/cti
https://www.tenda.com.cn/

Version	3.1
Score	8.8 / 10
Severity	high