CVE-2026-10189

Published: Mag 31, 2026 Last Modified: Mag 31, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 9,0

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: single

Confidentiality: complete

Integrity: complete

Availability: complete

Description

AI Translation Available

A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Memory Read Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)

Applicable Platforms

Languages: Memory-Unsafe, C, C++, Assembly

Likelihood of Exploit: High

View CWE Details

121

Stack-based Buffer Overflow

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Modify Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Other