CVE-2026-10190
6.5 MEDIUMA vulnerability was found in Tenda W12 3.0.0.7(4763)
Published: 2026-05-31 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-404
Description
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10190
- [Other]http://cdn2.v50to.cc/cgiSysWebTimeoutSet_dos.zip
- [Other]https://vuldb.com/cve/CVE-2026-10190
- [Other]https://vuldb.com/submit/820022
- [Other]https://vuldb.com/vuln/367471
- [Other]https://vuldb.com/vuln/367471/cti
- [Other]https://www.tenda.com.cn/
- [Other]https://vuldb.com/submit/820022
Related CVEs
Same CWE
- CVE-2026-45174 — Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon ini...
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-11312 — A vulnerability was found in bytedance InfiniStore up to 0.2.33 (3.3 LOW)
- CVE-2026-10802 — A vulnerability was detected in keystonejs keystone up to 20260319 (4.3 MEDIUM)
- CVE-2026-10775 — A vulnerability was determined in sgl-project SGLang up to 0.5.11 (3.6 LOW)