Tenda W12 (CVE-2026-10189) Stack-Based Buffer Overflow Disclosed

The National Vulnerability Database has disclosed a critical stack-based buffer overflow, identified as CVE-2026-10189, affecting the Tenda W12 3.0.0.7(4763) router. This vulnerability resides within the cgiSysTimeInfoSet function of the /bin/httpd file, specifically triggered by manipulating the sec argument.

Rated with a CVSS score of 8.8 (HIGH), this flaw allows for remote exploitation, meaning attackers can trigger the buffer overflow without direct physical access. The public disclosure of exploit details raises the immediate risk, as it lowers the bar for adversaries to weaponize this vulnerability. This is a direct path to device compromise, potentially enabling arbitrary code execution or denial of service.

Defenders must recognize that exposed network devices, especially consumer-grade routers like the Tenda W12, are prime targets. Attackers leverage these vulnerabilities to establish footholds in home networks or small office environments, often as a stepping stone to more valuable targets or to create botnets. The high severity and public exploit availability mean this isn’t a theoretical threat; it’s an immediate operational risk for anyone using this specific Tenda model.

What This Means For You

  • If your organization or remote workforce utilizes Tenda W12 3.0.0.7(4763) routers, immediate action is required. This stack-based buffer overflow (CVE-2026-10189) is remotely exploitable, and public exploit code exists. Isolate these devices from critical networks or replace them if a patch is unavailable. Assume compromise and audit network traffic for suspicious activity originating from these devices.

🛡️ Detection Rules

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

critical T1190 Initial Access

CVE-2026-10189 Tenda W12 cgiSysTimeInfoSet Stack Overflow

Sigma YAML — free preview
title: CVE-2026-10189 Tenda W12 cgiSysTimeInfoSet Stack Overflow
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2026-10189 by targeting the cgiSysTimeInfoSet function within the httpd binary on Tenda W12 devices. The exploit involves manipulating the 'sec' parameter to trigger a stack-based buffer overflow. This detection focuses on the specific URI path and query parameters associated with the vulnerable function.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10189/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/cgi-bin/httpd'
    # Both substrings must be present. Repeating the cs-uri-query key is a
    # duplicate YAML mapping key, so the two values are combined with |all.
    cs-uri-query|contains|all:
      - 'cgiSysTimeInfoSet'
      - 'sec='
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse
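
The rule above fires on any request that reaches the handler, including the legitimate administrative activity it lists as a false positive. The following Python is an added example, not part of the original rule or of the source's rule set: it evaluates the rule's selection (URI path plus the two query substrings) over records already parsed into the rule's field names, then separates matches whose sec value looks abnormal. It assumes a legitimate sec value is a short decimal number; the c-ip field and all sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Assumption (not from the advisory): a legitimate seconds value is a short decimal number.
SEC_EXPECTED = re.compile(r"\d{1,10}")

def rule_matches(event):
    """Sigma 'selection': all substrings must be present (contains is case-insensitive)."""
    uri = event.get("cs-uri", "").lower()
    query = event.get("cs-uri-query", "").lower()
    return ("/cgi-bin/httpd" in uri
            and "cgisystimeinfoset" in query
            and "sec=" in query)

def triage(event):
    """Return 'no_match', 'match' or 'match_anomalous' for one log record."""
    if not rule_matches(event):
        return "no_match"
    # parse_qs URL-decodes values and keeps repeated 'sec' parameters as a list,
    # so an encoded or duplicated value cannot hide behind a benign first one.
    parsed = parse_qs(event["cs-uri-query"])
    values = [v for k, vs in parsed.items() if k.lower() == "sec" for v in vs]
    if any(not SEC_EXPECTED.fullmatch(v) for v in values):
        return "match_anomalous"
    return "match"

# Constructed sample records (documentation IP ranges); not captured traffic.
SAMPLE_EVENTS = [
    {"c-ip": "192.0.2.10", "cs-uri": "/cgi-bin/httpd",
     "cs-uri-query": "cgiSysTimeInfoSet&sec=30"},
    {"c-ip": "198.51.100.7", "cs-uri": "/cgi-bin/httpd",
     "cs-uri-query": "cgiSysTimeInfoSet&sec=" + "A" * 600},
    {"c-ip": "198.51.100.7", "cs-uri": "/cgi-bin/httpd",
     "cs-uri-query": "cgiSysTimeInfoSet&sec=5&sec=%41%41%41"},
    {"c-ip": "192.0.2.10", "cs-uri": "/index.html", "cs-uri-query": "sec=30"},
]

def summarize(events):
    """Map each verdict to the list of source IPs that produced it."""
    out = {}
    for ev in events:
        out.setdefault(triage(ev), []).append(ev["c-ip"])
    return out

if __name__ == "__main__":
    for verdict, ips in summarize(SAMPLE_EVENTS).items():
        print(verdict, ips)
```

Records labelled match_anomalous are the ones to review first; plain match records still satisfy the rule and correspond to its stated false-positive case.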

Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-10189 | Buffer Overflow | Tenda W12 version 3.0.0.7(4763) |
| CVE-2026-10189 | Buffer Overflow | Vulnerable function: cgiSysTimeInfoSet |
| CVE-2026-10189 | Buffer Overflow | Vulnerable file: /bin/httpd |
| CVE-2026-10189 | Buffer Overflow | Vulnerable argument: sec |
| CVE-2026-10189 | Buffer Overflow | Attack vector: Remote |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 19:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
