Medium severity5.3NVD Advisory· Published Apr 5, 2026· Updated Apr 29, 2026

CVE-2026-5549

Description

A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Affected products

Tenda/Ac10 Firmware
cpe:2.3:o:tenda:ac10_firmware:16.03.10.10_multi_tde01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-05-exposed-rsa-private-key.mdnvdThird Party Advisory
vuldb.com/submit/782298nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/355313nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/355313/ctinvdPermissions RequiredVDB Entry
www.tenda.com.cnnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000