High severity8.8NVD Advisory· Published Apr 5, 2026· Updated Apr 30, 2026

CVE-2026-5548

Description

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely.

Affected products

Tenda/Ac10 Firmware
cpe:2.3:o:tenda:ac10_firmware:16.03.10.10_multi_tde01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-04-stackoverflow-fromsystoolchangepwd.mdnvdThird Party Advisory
vuldb.com/submit/782297nvdThird Party Advisory
vuldb.com/vuln/355312nvdThird Party Advisory
vuldb.com/vuln/355312/ctinvdPermissions Required
www.tenda.com.cnnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000