How is CVE-2026-10192 exploited?

Network reachability (required): The attacker must reach the device's httpd service over the network; no local or physical access is required. Authentication (required): A low-privilege account is sufficient; the attacker must be authenticated to issue requests to the set_local_time_0 endpoint. Victim interaction (not-required): No victim interaction is needed; the attacker sends a crafted request directly to the service without any user involvement. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and requires no special race conditions or environmental factors to trigger the overflow.

What is the impact of CVE-2026-10192?

The attacker achieves high-confidence read access to process memory, exposing credentials, session tokens, or configuration data stored in the httpd process. The attacker achieves high-confidence write access to process memory, allowing arbitrary modification of runtime state or persistent configuration on the device. The httpd service can be crashed, taking down remote management and any dependent functionality on the router. Combined memory read and write primitives from a stack overflow in a network-facing binary make remote code execution on the device a realistic outcome.

Back to search

HIGHCVE-2026-10192Published 2026-05-31Modified 2026-05-31CNA VulDB

CVE-2026-10192: Tenda W12 httpd set_local_time_0 stack-based overflow

A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.

HarborGuard Analysis

HarborGuard analysis

Synopsis

A stack-based buffer overflow exists in the Tenda W12 router (firmware version 3.0.0.7(4763)) inside the set_local_time_0 function of the httpd binary. The vulnerability is reachable over the network by any authenticated user with a low-privilege account, requiring no victim interaction, by supplying a crafted value to the Time argument. Successful exploitation gives an attacker full read and write access to memory and can crash the affected service, enabling likely remote code execution on the device. No upstream fix has been published; HarborGuard tracks the advisory for patch availability.

HarborGuard Coverage

Detection

Detection for CVE-2026-10192 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds including VulDB, covering both vendor-supplied and custom-built container images that bundle the affected Tenda W12 httpd binary. Any image containing the vulnerable firmware version 3.0.0.7(4763) artifact is flagged automatically during pipeline and registry scans.

Available

Triage

HarborGuard is capable of scoring this CVE at CVSS v4.0 8.7 (HIGH) and weighting that score against each customer environment's compliance policy to prioritize routing. Triage results are routed to the appropriate team inbox within each customer organization based on configured ownership rules for network-facing firmware components.

Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the interim, customers can use HarborGuard's policy controls to flag or block deployment of images containing this affected binary while awaiting vendor remediation.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The attacker must reach the device's httpd service over the network; no local or physical access is required.
AuthenticationRequired
A low-privilege account is sufficient; the attacker must be authenticated to issue requests to the set_local_time_0 endpoint.
Victim interactionNot required
No victim interaction is needed; the attacker sends a crafted request directly to the service without any user involvement.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special race conditions or environmental factors to trigger the overflow.

Blast Radius

The attacker achieves high-confidence read access to process memory, exposing credentials, session tokens, or configuration data stored in the httpd process.
The attacker achieves high-confidence write access to process memory, allowing arbitrary modification of runtime state or persistent configuration on the device.
The httpd service can be crashed, taking down remote management and any dependent functionality on the router.
Combined memory read and write primitives from a stack overflow in a network-facing binary make remote code execution on the device a realistic outcome.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-10192 as of the publication date, HarborGuard continuously re-checks the VulDB advisory on every ingest cycle and will surface a patched-image rebuild the moment Tenda publishes a corrected firmware version. While waiting for a vendor fix, customers can apply network-policy isolation to restrict access to the httpd management interface to trusted source addresses only, and use HarborGuard's policy engine to flag or block promotion of images containing the affected binary (Tenda W12 3.0.0.7(4763) httpd) through CI/CD pipelines. Egress filtering and feature-flag gating on time-synchronization endpoints are additional compensating controls worth considering for environments where the device image is containerized or emulated. For customers with auto-remediation enabled, HarborGuard will trigger a rebuild, regression run, and PR against affected workloads automatically once an upstream fix version is available.

See how HarborGuard automates this

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Tenda / W12
3.0.0.7(4763)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References