High severity8.8NVD Advisory· Published Apr 5, 2026· Updated Apr 29, 2026

CVE-2026-5550

Description

A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.

Affected products

Tenda/Ac10 Firmware
cpe:2.3:o:tenda:ac10_firmware:16.03.10.10_multi_tde01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/HIGH-01-getvalue-229-callers.mdnvdThird Party AdvisoryMitigation
vuldb.com/submit/782299nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/355314nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/355314/ctinvdPermissions RequiredVDB Entry
www.tenda.com.cnnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000