VYPR

Ac10 Firmware

by Tenda

CVEs (12)

  • CVE-2026-5550HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.

  • CVE-2026-5548HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated…

  • CVE-2026-5547MedApr 5, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.

  • CVE-2026-5549MedApr 5, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded…

  • CVE-2025-9309LowAug 21, 2025
    risk 0.16cvss 2.5epss 0.00

    A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is…

  • CVE-2025-12622Nov 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-57215Aug 28, 2025
    risk 0.00cvss epss 0.00

    Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.

  • CVE-2025-57218Aug 28, 2025
    risk 0.00cvss epss 0.01

    Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.

  • CVE-2025-57217Aug 28, 2025
    risk 0.00cvss epss 0.00

    Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.

  • CVE-2025-57220Aug 28, 2025
    risk 0.00cvss epss 0.01

    An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.

  • CVE-2025-57219Aug 28, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.

  • CVE-2024-32306Apr 17, 2024
    risk 0.00cvss epss 0.00

    Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.