PatchSiren cyber security CVE debrief
CVE-2026-10191 Tenda CVE debrief
A stack-based buffer overflow vulnerability exists in the Tenda W12 router firmware version 3.0.0.7(4763). The vulnerability is located in the `cgiWifiMacFilterSet` function within the `/bin/httpd` binary. An attacker can trigger the overflow by manipulating the `wifiMacFilterSet.macList.mac` argument through remote network access. The vulnerability has been publicly disclosed with available exploit material, increasing the risk of active exploitation. The CVSS 4.0 score of 7.4 (HIGH) reflects significant impact to confidentiality, integrity, and availability with low attack complexity and no required user interaction. The vendor attribution to Tenda is supported by a reference to the manufacturer's website, though the vendor field remains marked for review due to low confidence in the canonical source mapping.
- Vendor: Tenda
- Product: W12
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-31
- Original CVE updated: 2026-05-31
- Advisory published: 2026-05-31
- Advisory updated: 2026-05-31
Who should care
Network administrators managing Tenda W12 deployments, security teams responsible for IoT/edge device protection, and organizations with remote management exposure of consumer-grade routing infrastructure.
Technical summary
The `cgiWifiMacFilterSet` function in `/bin/httpd` on Tenda W12 firmware 3.0.0.7(4763) fails to properly validate the length of the `wifiMacFilterSet.macList.mac` parameter, resulting in a stack-based buffer overflow (CWE-121). The vulnerability is remotely exploitable with low attack complexity and requires low privileges. Successful exploitation may result in complete compromise of confidentiality, integrity, and availability per the CVSS 4.0 vector. Public exploit availability increases immediate risk.
Defensive priority
HIGH
Recommended defensive actions
- Restrict network access to Tenda W12 administrative interfaces to trusted management networks only
- Monitor for unauthorized access attempts to the web management requests served by `/bin/httpd` and handled by `cgiWifiMacFilterSet`
- Apply firmware updates from Tenda when available; verify version exceeds 3.0.0.7(4763)
- Consider network segmentation for IoT/router devices to limit lateral movement potential
- Review logs for anomalous `wifiMacFilterSet.macList.mac` parameter values indicating exploitation attempts
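The log review in the last item can be automated. The following is an added example, not code from the advisory or from Tenda: it flags any `wifiMacFilterSet.macList.mac` value that is not a well-formed 17-character MAC address. It assumes request bodies are available from a reverse proxy or packet capture, and that the parameter arrives either as nested JSON or as a flat form key; the advisory does not give the body layout, so both forms are handled.

```python
import json
import re
from urllib.parse import parse_qsl

# A well-formed MAC is exactly 17 characters: six hex pairs joined by ':' or '-'.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")
PARAM = "wifiMacFilterSet.macList.mac"  # parameter named in the advisory


def _walk(node, path=""):
    """Yield (dotted_path, value) for each string leaf; list indexes are skipped."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from _walk(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for child in node:
            yield from _walk(child, path)
    elif isinstance(node, str):
        yield path, node


def mac_values(body):
    """Extract every value sent for PARAM from a JSON or form-encoded body."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, (dict, list)):  # assumed nested-JSON layout
        return [v for p, v in _walk(doc) if p == PARAM]
    # assumed flat form-encoded layout
    return [v for k, v in parse_qsl(body, keep_blank_values=True) if k == PARAM]


def suspect_values(body):
    """Return the PARAM values that are not well-formed MAC addresses."""
    return [v for v in mac_values(body) if not MAC_RE.fullmatch(v)]


# Constructed sample bodies for illustration (not captured traffic).
SAMPLES = [
    '{"wifiMacFilterSet": {"macList": [{"mac": "AA:BB:CC:DD:EE:FF"}]}}',
    '{"wifiMacFilterSet": {"macList": [{"mac": "' + "A" * 300 + '"}]}}',
    "wifiMacFilterSet.macList.mac=00-11-22-33-44-55",
    "wifiMacFilterSet.macList.mac=" + "41" * 200,
]

if __name__ == "__main__":
    for body in SAMPLES:
        for value in suspect_values(body):
            print(f"suspect {PARAM}: length={len(value)} prefix={value[:16]!r}")
```

Matching on the expected format rather than on a length threshold also catches short malformed values, and the same check can be enforced as a reject rule on a proxy in front of the management interface.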
Evidence notes
Vulnerability identified in Tenda W12 firmware 3.0.0.7(4763). CWE-121 (stack-based buffer overflow) and CWE-119 (improper restriction of operations within buffer bounds) assigned by CNA. CVSS 4.0 vector confirms network attack vector, low attack complexity, and low required privileges (PR:L). Public exploit material referenced via cdn2.v50to.cc domain.
Official resources
Public disclosure with exploit availability confirmed as of CVE publication date 2026-05-31. No CISA KEV listing at time of analysis.