MEDIUM 6.5

CVE-2026-10190: Tenda W12 Web Interface Denial-of-Service Vulnerability

A remotely exploitable vulnerability exists in Tenda W12 version 3.0.0.7(4763) that allows authenticated users to crash the device's web management interface. By sending a specially crafted request to the web timeout configuration function, an attacker with valid credentials can trigger a denial-of-service condition, rendering the device's management portal unavailable until it is restarted. Public exploit code is available, increasing the practical risk.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
CWE-404
Affected products
0 configuration(s)
Published / Modified
2026-05-31 / 2026-06-17

NVD description (verbatim)

A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.

7 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10190 is a denial-of-service vulnerability in the cgiSysWebTimeoutSet function within the Tenda W12's /bin/httpd web management daemon. The vulnerability stems from improper handling of the web_over_time parameter, classified as CWE-404 (Improper Resource Validation). The flaw permits authenticated remote attackers to trigger a crash or hang condition without requiring user interaction or elevated privileges beyond initial login credentials. The CVSS 3.1 score of 6.5 reflects network-accessible attack surface with low complexity and high availability impact, though confidentiality and integrity remain unaffected.

Business impact

Organizations deploying Tenda W12 devices face potential operational disruption if administrators or network staff fall victim to credential compromise. An attacker with valid web interface credentials can disable management access, complicating emergency response, configuration changes, and device monitoring. While the vulnerability does not permit data theft or system takeover, repeated denial-of-service attacks could degrade IT responsiveness and incident triage capabilities. The availability of public exploits elevates the likelihood of opportunistic attacks against networks with weak credential hygiene or exposed management interfaces.

Affected systems

Tenda W12 firmware version 3.0.0.7(4763) is confirmed affected. Organizations should verify whether deployed Tenda W12 devices are running this specific firmware version and check Tenda's advisory for confirmation of affected and fixed firmware releases.

Exploitability

Exploitability is straightforward: the attack requires only network access to the web management interface and valid authentication credentials. No special software, code execution, or user interaction is needed. The availability of public exploit code means attackers can quickly test vulnerable instances without reverse-engineering effort. Exploitation likelihood is moderate to high in environments where web interfaces are exposed or where credential theft has occurred.

Remediation

Priority remediation is to apply the latest Tenda W12 firmware patch addressing this vulnerability. Until patching is feasible, restrict access to the web management interface via network segmentation, firewall rules, or VPN-only access. Enforce strong, unique passwords for web interface accounts and enable any available authentication mechanisms (e.g., HTTPS enforcement, IP whitelisting). Monitor for suspicious login attempts and unexpected device restarts.

Patch guidance

Contact Tenda support or check their security advisory portal to confirm the fixed firmware version for the W12 series. Tenda typically releases firmware updates through their device management console or website. Test patches in a non-production environment before deployment. Verify the integrity and authenticity of any firmware file before flashing to prevent supply-chain attacks.

Detection guidance

Monitor access logs of the Tenda W12 web interface for POST requests to /cgiSys with the web_over_time parameter, especially from internal or unexpected IP addresses. Watch for patterns of repeated authentication followed by web interface unavailability. Enable any available device logging or syslog forwarding to a centralized security information and event management (SIEM) system. Consider network-based detection on parameters passed to the vulnerable endpoint if your monitoring infrastructure supports packet inspection.

Why prioritize this

Although scored MEDIUM, this vulnerability merits prompt attention due to the combination of public exploit availability, ease of exploitation (authenticated access only), and the operational impact of web interface disruption. Organizations relying on Tenda W12 for wireless management should prioritize patching to avoid credential-based denial-of-service incidents.

Risk score, explained

CVSS 3.1 score 6.5 (MEDIUM) reflects a network-accessible vulnerability requiring valid credentials (reducing immediate threat) that causes high availability impact (complete denial of the management interface). The lack of confidentiality or integrity violation and the requirement for prior authentication prevent a higher score, but public exploit availability and ease of exploitation elevate operational risk beyond the numeric score alone.

Frequently asked questions

Can this vulnerability allow an attacker to access my network or steal data?

No. This vulnerability only causes denial of service to the web management interface itself. It does not permit data exfiltration, network access, lateral movement, or device takeover. However, if a management interface is unavailable, it may hamper your ability to detect or respond to other threats.

Do I need valid login credentials to exploit this vulnerability?

Yes. The vulnerability requires prior authentication to the web interface. Attackers cannot exploit it from an unauthenticated state. This means compromised or weak credentials are a prerequisite. Protecting administrative passwords is essential.

Is there a workaround if I cannot patch immediately?

Yes. Restrict network access to the Tenda W12 web management interface using a firewall, VPN, or network segmentation. Allow only trusted administrator IP addresses or networks to reach the management port (typically 80/443). Additionally, enforce strong passwords and monitor for unusual login activity.

Will my Tenda W12 recover automatically after this attack?

No. A successful exploitation will crash or hang the web interface, requiring manual device restart or power cycle to restore management access. Implement monitoring to detect interface unavailability and develop procedures to respond quickly when it occurs.

This analysis is provided for informational purposes to help security teams assess and mitigate risk. SEC.co does not warrant the accuracy or completeness of third-party vulnerability data. Organizations must verify patch availability and compatibility with their specific hardware revisions and configurations by consulting Tenda's official security advisories and release notes. Exploitation and testing of vulnerabilities should occur only in controlled environments with proper authorization. Public exploit code carries inherent risks and may be malicious or unstable; use only in sandboxed environments if examination is necessary. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).