CVE-2026-10188— Tenda W12 httpd cgistaKickOff stack-based overflow
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10188
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda W12 httpd cgistaKickOff stack-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-10188
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10188
请登录查看更多情报信息。
Other References for CVE-2026-10188 (1)
Same Patch Batch · Tenda · 2026-05-31 · 5 CVEs total
| CVE-2026-10192 | 8.8 HIGH | Tenda W12 httpd set_local_time_0 stack-based overflow |
| CVE-2026-10191 | 8.8 HIGH | Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow |
| CVE-2026-10189 | 8.8 HIGH | Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow |
| CVE-2026-10190 | 6.5 MEDIUM | Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service |
IV. Related Vulnerabilities
Same product: W12
- CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10191
Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow - CVE-2026-10190
Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2025-11550
Tenda W12 HTTP Request modules wifiScheduledSet null pointer
Same vendor: Tenda
- CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10191
Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow - CVE-2026-10190
Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2026-9431
Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow
Same weakness: CWE-121
- CVE-2026-10206
D-Link DI-8400 dbsrv.asp stack-based overflow - CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10191
Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2026-10187
Totolink N300RH Web Management wireless.so setWiFiBasicConfi
V. Comments for CVE-2026-10188
No comments yet