Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
CVE-2026-10189: Tenda W12 3.0.0.7: Remote Attack via Malformed Time Request
CVE-2026-10189
Summary
A security issue has been found in the Tenda W12 router's web server. If an attacker sends a specially crafted time request, they may be able to execute malicious code on the router. To stay safe, consider updating to the latest version of the router's firmware.
Original title
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-base...
Original description
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026