{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/w12-3.0.0.74763/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-10192"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["W12 3.0.0.7(4763)"],"_cs_severities":["high"],"_cs_tags":["cve","buffer_overflow","tenda","router"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability, CVE-2026-10192, has been identified in Tenda W12 router version 3.0.0.7(4763). The vulnerability resides in the \u003ccode\u003eset_local_time_0\u003c/code\u003e function within the \u003ccode\u003e/bin/httpd\u003c/code\u003e binary, responsible for handling time synchronization. A remote attacker can exploit this flaw by crafting a malicious \u003ccode\u003eTime\u003c/code\u003e argument in a request to this function, leading to arbitrary code execution due to the buffer overflow. This exploit is publicly available, increasing the risk of widespread exploitation. Successful exploitation allows an attacker to gain complete control of the device, potentially leading to data theft, device hijacking, or integration into a botnet.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Tenda W12 router running firmware version 3.0.0.7(4763) accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request targeting the \u003ccode\u003e/bin/httpd\u003c/code\u003e service.\u003c/li\u003e\n\u003cli\u003eThe HTTP request is designed to call the \u003ccode\u003eset_local_time_0\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe request includes a malicious \u003ccode\u003eTime\u003c/code\u003e argument that exceeds the buffer size allocated for it.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eset_local_time_0\u003c/code\u003e function attempts to copy the overly long \u003ccode\u003eTime\u003c/code\u003e argument into the buffer, triggering a stack-based buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites adjacent memory on the stack, potentially including the return address.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the return address to point to malicious code injected into the device\u0026rsquo;s memory.\u003c/li\u003e\n\u003cli\u003eUpon function return, control is transferred to the attacker\u0026rsquo;s injected code, allowing arbitrary command execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10192 can grant a remote attacker complete control over the Tenda W12 router. This could lead to unauthorized access to sensitive information, modification of router settings, or the use of the router as a node in a botnet for distributed denial-of-service (DDoS) attacks or other malicious activities. Given the availability of a public exploit, the risk of widespread exploitation is significant, potentially affecting a large number of home and small business networks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates from Tenda to address CVE-2026-10192.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious HTTP requests targeting the \u003ccode\u003e/bin/httpd\u003c/code\u003e service with unusually long \u003ccode\u003eTime\u003c/code\u003e arguments, using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a successful exploit on other devices on the network.\u003c/li\u003e\n\u003cli\u003eConsider deploying a web application firewall (WAF) to filter malicious requests targeting the \u003ccode\u003eset_local_time_0\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDisable remote management access to the router if not required.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-31T17:18:27Z","date_published":"2026-05-31T17:18:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-10192-tenda-w12-bo/","summary":"A stack-based buffer overflow vulnerability exists in Tenda W12 version 3.0.0.7(4763) in the `set_local_time_0` function, which allows a remote attacker to execute arbitrary code by manipulating the Time argument.","title":"CVE-2026-10192 - Tenda W12 Stack-Based Buffer Overflow in set_local_time_0","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-10192-tenda-w12-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — W12 3.0.0.7(4763)","version":"https://jsonfeed.org/version/1.1"}