CVE-2026-10188
8.8 HIGHA flaw has been found in Tenda W12 3.0.0.7(4763)
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-119, CWE-121
Description
A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10188
- [Other]http://cdn2.v50to.cc/Tenda%20W12%20cgistaKickOff%20overflow.zip
- [Other]https://vuldb.com/cve/CVE-2026-10188
- [Other]https://vuldb.com/submit/820018
- [Other]https://vuldb.com/vuln/367469
- [Other]https://vuldb.com/vuln/367469/cti
- [Other]https://www.tenda.com.cn/
Related CVEs
Same CWE
- CVE-2026-7273 — A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allo... (8.8 HIGH)
- CVE-2025-55660 — A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of... (5.5 MEDIUM)
- CVE-2026-8356 — LibreOffice can import presentations in the legacy binary PPT format
- CVE-2026-12222 — A vulnerability was determined in Yealink SIP-T46U 108.86.0.118 (8.0 HIGH)
- CVE-2026-12221 — A vulnerability was found in Yealink SIP-T46U 108.86.0.118 (8.0 HIGH)