Tenda W12 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda W12 Firmware.
By the Year
In 2026 there have been 5 vulnerabilities in Tenda W12 Firmware with an average score of 8.3 out of ten. Last year, in 2025 W12 Firmware had 3 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.03
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 8.34 |
| 2025 | 3 | 8.37 |
It may take a day or so for new W12 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda W12 Firmware Security Vulnerabilities
Tenda W12 v3.0.0.7 Buffer Overflow in /bin/httpd (remote)
CVE-2026-10192
8.8 - High
- May 31, 2026
A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Stack Overflow
Tenda W12 3.0.0.7: Stack Buffer Overflow in cgiWifiMacFilterSet (httpd)
CVE-2026-10191
8.8 - High
- May 31, 2026
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Stack Overflow
Tenda W12 3.0.0.7 DoS via WebMgmt Timeout Set (cgiSysWebTimeoutSet)
CVE-2026-10190
6.5 - Medium
- May 31, 2026
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Improper Resource Shutdown or Release
Stack Bof in Tenda W12 3.0.0.7 cgiSysTimeInfoSet
CVE-2026-10189
8.8 - High
- May 31, 2026
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Stack Overflow
Tenda W12 3.0.0.7 Remote Stack Buffer Overflow via cgistaKickOff
CVE-2026-10188
8.8 - High
- May 31, 2026
A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Stack Overflow
Tenda W12 3.0.0.6: wifiScheduledSet NPE in HTTP Req Handler (Remote)
CVE-2025-11550
6.5 - Medium
- October 09, 2025
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used.
NULL Pointer Dereference
Tenda W12 3.0.0.6 Buffer Overflow in wifiMacFilterSet (HTTP Request Handler)
CVE-2025-11549
8.8 - High
- October 09, 2025
A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Stack Overflow
Critical Stack-Based Buffer Overflow in Tenda W12 3.0.0.5 cgiWifiRadioSet
CVE-2025-3693
9.8 - Critical
- April 16, 2025
A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda W12 Firmware or by Tenda? Click the Watch button to subscribe.
