CVE-2026-10192: Tenda W12 Router Vulnerability Exposes Networks
The National Vulnerability Database has detailed CVE-2026-10192, a high-severity vulnerability (CVSS 8.8) impacting the Tenda W12 3.0.0.7(4763) router. This flaw resides in the set_local_time_0 function within the /bin/httpd file, where manipulating the Time argument triggers a stack-based buffer overflow. This isn’t a theoretical issue; the attack can be launched remotely, and a public exploit is readily available.
This vulnerability is critical because it offers attackers a straightforward path to potentially gain control over affected devices. A buffer overflow, especially one remotely exploitable with public code, means an unauthenticated actor could execute arbitrary code, leading to full compromise of the router. This grants them a foothold into the network, enabling further lateral movement, data exfiltration, or even denial-of-service attacks.
For defenders, this is a clear call to action. Routers are often overlooked in security audits, yet they are the gateway to the entire network. An attacker doesn’t need to breach a sophisticated perimeter if they can simply walk through the front door of your network device. The availability of a public exploit significantly lowers the bar for attackers, meaning even less sophisticated actors can leverage this vulnerability.
What This Means For You
- If your organization or home office uses Tenda W12 3.0.0.7(4763) routers, you are directly exposed to CVE-2026-10192. Given the remote exploitability and public exploit availability, assume compromise is imminent if unpatched. Isolate these devices immediately and replace them or apply any available patches from Tenda without delay. Audit network logs for suspicious activity originating from or targeting these devices.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-10192: Tenda W12 httpd set_local_time_0 Buffer Overflow Attempt
title: CVE-2026-10192: Tenda W12 httpd set_local_time_0 Buffer Overflow Attempt
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-10192 by targeting the set_local_time_0 function in the Tenda W12 router's httpd service. This specific URI and query parameter combination is indicative of an attempt to trigger the stack-based buffer overflow vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-10192/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/cgi-bin/luci/admin/system/time'
cs-uri-query|contains:
- 'set_local_time_0'
cs-method|exact:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-10192 | Buffer Overflow | Tenda W12 3.0.0.7(4763) |
| CVE-2026-10192 | Buffer Overflow | Vulnerable function: set_local_time_0 |
| CVE-2026-10192 | Buffer Overflow | Vulnerable file: /bin/httpd |
| CVE-2026-10192 | Buffer Overflow | Vulnerable argument: Time |
| CVE-2026-10192 | Buffer Overflow | Attack vector: Remote |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 31, 2026 at 20:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers
CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...
CVE-2026-48208 — Denial of Service
CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...
CVE-2026-48189 — OTRS Customer Backend Module Vulnerability
CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...