CVE-2026-10192 Overview
CVE-2026-10192 is a stack-based buffer overflow [CWE-119] affecting the Tenda W12 wireless access point running firmware version 3.0.0.7(4763). The flaw resides in the set_local_time_0 function within the /bin/httpd binary that handles the device's web management interface. Attackers manipulate the Time argument to overflow a fixed-size stack buffer, corrupting adjacent memory and the saved return address. The vulnerability is reachable over the network and a public exploit archive has been published, increasing the likelihood of opportunistic abuse against exposed devices.
Critical Impact
Remote attackers can corrupt stack memory in the httpd process of Tenda W12 devices, enabling potential arbitrary code execution or denial of service against the access point.
Affected Products
- Tenda W12 wireless access point
- Firmware version 3.0.0.7(4763)
- /bin/httpd web management daemon
Discovery Timeline
- 2026-05-31 - CVE-2026-10192 published to NVD
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-10192
Vulnerability Analysis
The vulnerability lives in the set_local_time_0 handler exported by the embedded /bin/httpd server on the Tenda W12. This handler processes time configuration requests submitted through the device's web interface. When parsing the Time parameter, the function copies attacker-supplied data into a fixed-size stack buffer without enforcing length validation. Submitting an oversized Time value overruns the buffer and overwrites adjacent stack data, including the saved return address. Because the httpd process typically runs with elevated privileges on consumer networking equipment, successful exploitation can yield full control of the device's management plane. The flaw is classified under [CWE-119] for improper restriction of operations within memory buffer bounds.
Root Cause
The root cause is the absence of bounds checking on the Time request parameter before it is copied into a stack-allocated buffer inside set_local_time_0. The handler trusts the request size implicitly, a recurring pattern in Tenda's httpd binary where input parsing precedes length validation.
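The pattern described above, next to a bounded version, as an added example that is not code from the Tenda firmware. The buffer size, the struct, the function names and the allowed character set are assumptions made for illustration; the character allow-list goes one step beyond the length check the advisory discusses.

```c
#include <stddef.h>
#include <string.h>

#define TIME_BUF_SIZE 32 /* assumed; the page does not give the real buffer size */

struct time_cfg { char text[TIME_BUF_SIZE]; };

/* Pattern the advisory describes (illustrative, not the firmware's code):
 * the copy length is decided by the request, not by the buffer. */
int set_time_unchecked(struct time_cfg *cfg, const char *value)
{
    char buf[TIME_BUF_SIZE];
    strcpy(buf, value);               /* overruns buf once value is 32+ chars */
    strcpy(cfg->text, buf);
    return 0;
}

/* Hardened form: bound the length and restrict the alphabet before copying. */
int set_time_checked(struct time_cfg *cfg, const char *value)
{
    static const char allowed[] = "0123456789-:/ T";
    char buf[TIME_BUF_SIZE];
    const char *nul;
    size_t len;

    if (cfg == NULL || value == NULL)
        return -1;
    /* Look for the terminator inside the first TIME_BUF_SIZE bytes only. */
    nul = memchr(value, '\0', TIME_BUF_SIZE);
    if (nul == NULL || nul == value)
        return -1;                    /* too long for buf, or empty */
    len = (size_t)(nul - value);
    if (strspn(value, allowed) != len)
        return -1;                    /* character outside the time alphabet */
    memcpy(buf, value, len + 1);      /* len + 1 <= TIME_BUF_SIZE, NUL included */
    memcpy(cfg->text, buf, len + 1);
    return 0;
}
```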
Attack Vector
The attack vector is network-based and requires low privileges on the management interface. An attacker who can reach the device's HTTP service sends a crafted request to the time configuration endpoint with an oversized Time field. The malicious payload overflows the target stack frame, allowing the attacker to influence control flow once execution returns from the vulnerable function. A public proof-of-concept archive is referenced in VulDB submission #820024, lowering the barrier to exploitation.
No verified exploit code is reproduced here. Refer to the VulDB CVE-2026-10192 entry for technical artifacts and the VulDB vulnerability record #367473 for additional context.
Detection Methods for CVE-2026-10192
Indicators of Compromise
- HTTP POST requests to time configuration endpoints on the Tenda W12 management interface containing abnormally long Time parameter values.
- Unexpected restarts, crashes, or watchdog-triggered reboots of the httpd process on the access point.
- Outbound connections from the access point to unfamiliar hosts following management plane activity.
Detection Strategies
- Inspect network traffic destined for the device's web management port for oversized parameter values, particularly on the Time field.
- Alert on management interface access from sources outside the administrative network segment.
- Correlate device availability metrics with surrounding HTTP request patterns to identify exploitation attempts that cause httpd to crash.
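One way to implement the oversized-parameter check from the first strategy, as an added example rather than vendor or SentinelOne tooling. It assumes the request body is form-urlencoded and that a legitimate Time value stays under 64 bytes; the threshold, function names and sample bodies are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TIME_MAX_EXPECTED 64 /* assumed alert threshold, tune to observed traffic */

/* Length in bytes of the raw (still percent-encoded) value of `name` in a
 * form-urlencoded body; -1 if the parameter is absent. When the parameter is
 * repeated, the longest occurrence is reported. Names match case-sensitively. */
long param_value_len(const char *body, const char *name)
{
    size_t nlen = strlen(name);
    long best = -1;
    const char *p = body;

    while (*p != '\0') {
        const char *amp = strchr(p, '&');
        size_t plen = amp ? (size_t)(amp - p) : strlen(p);

        /* Match "name=" at the start of a pair, so "Timezone=" is not "Time". */
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            long vlen = (long)(plen - nlen - 1);
            if (vlen > best)
                best = vlen;
        }
        if (amp == NULL)
            break;
        p = amp + 1;
    }
    return best;
}

/* Raw length is an upper bound on decoded length, so this cannot under-count. */
int is_suspicious_time(const char *body)
{
    return param_value_len(body, "Time") > TIME_MAX_EXPECTED;
}

int main(void)
{
    /* Constructed sample bodies, not captured traffic. */
    char big[256] = "Zone=8&Time=";
    memset(big + strlen(big), '1', 200);   /* remaining bytes stay NUL */
    printf("normal: %d\n", is_suspicious_time("Time=2026-05-31%2012:00:00&Zone=8"));
    printf("oversized: %d\n", is_suspicious_time(big));
    return 0;
}
```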
Monitoring Recommendations
- Forward syslog and SNMP traps from Tenda W12 devices to a central log platform for crash and reboot correlation.
- Track authentication events on the management interface to detect credential abuse preceding exploitation.
- Monitor for new or unauthorized firmware images and configuration changes on affected devices.
How to Mitigate CVE-2026-10192
Immediate Actions Required
- Restrict access to the Tenda W12 management interface to a dedicated administrative VLAN or jump host.
- Disable remote WAN-side administration if it is enabled on the device.
- Rotate administrative credentials and enforce strong, unique passwords for the management interface.
- Inventory Tenda W12 deployments and confirm whether firmware 3.0.0.7(4763) is in use.
Patch Information
At the time of publication, no vendor advisory or patched firmware release is listed in the NVD record for CVE-2026-10192. Consult the Tenda official website for firmware updates and check the VulDB vulnerability record #367473 for changes in remediation status.
Workarounds
- Place affected access points behind a firewall that blocks inbound HTTP and HTTPS traffic to the management interface from untrusted networks.
- Apply access control lists that limit management connectivity to known administrator IP addresses.
- Where business requirements allow, and until a fixed firmware version is released, replace end-of-support Tenda W12 units with actively maintained hardware.

