CVE-2026-10191— Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow
Possible ATT&CK Techniques 2AI
T1203 · Exploitation for Client Execution T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10191
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-10191
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10191
请登录查看更多情报信息。
Other References for CVE-2026-10191 (1)
Same Patch Batch · Tenda · 2026-05-31 · 5 CVEs total
| CVE-2026-10192 | 8.8 HIGH | Tenda W12 httpd set_local_time_0 stack-based overflow |
| CVE-2026-10189 | 8.8 HIGH | Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow |
| CVE-2026-10188 | 8.8 HIGH | Tenda W12 httpd cgistaKickOff stack-based overflow |
| CVE-2026-10190 | 6.5 MEDIUM | Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service |
IV. Related Vulnerabilities
Same product: W12
- CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10190
Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2026-10188
Tenda W12 httpd cgistaKickOff stack-based overflow - CVE-2025-11550
Tenda W12 HTTP Request modules wifiScheduledSet null pointer
Same vendor: Tenda
- CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10190
Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2026-10188
Tenda W12 httpd cgistaKickOff stack-based overflow - CVE-2026-9431
Tenda F1202 PptpUserAdd fromPptpUserAdd stack-based overflow
Same weakness: CWE-121
- CVE-2026-10206
D-Link DI-8400 dbsrv.asp stack-based overflow - CVE-2026-10192
Tenda W12 httpd set_local_time_0 stack-based overflow - CVE-2026-10189
Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow - CVE-2026-10188
Tenda W12 httpd cgistaKickOff stack-based overflow - CVE-2026-10187
Totolink N300RH Web Management wireless.so setWiFiBasicConfi
V. Comments for CVE-2026-10191
No comments yet