← back
CVE-2026-10192

Tenda W12 httpd set_local_time_0 stack-based overflow

CVSS 8.7 HIGHEPSS 0.5%CWE-119CWE-121
A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Tenda · W12
public PoCs found1
cve_referencecdn2.v50to.cc/set_local_time_0_overflow.zipunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cdn2.v50to.cc/set_local_time_0_overflow.ziphttps://vuldb.com/cve/CVE-2026-10192https://vuldb.com/submit/820024https://vuldb.com/vuln/367473https://vuldb.com/vuln/367473/ctihttps://www.tenda.com.cn/