Ac10 Firmware
by Tenda
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5550 | Hig | 0.57 | 8.8 | 0.01 | Apr 5, 2026 | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected. | ||
| CVE-2026-5548 | Hig | 0.57 | 8.8 | 0.01 | Apr 5, 2026 | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated… | ||
| CVE-2026-5547 | Med | 0.41 | 6.3 | 0.02 | Apr 5, 2026 | A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected. | ||
| CVE-2026-5549 | Med | 0.34 | 5.3 | 0.00 | Apr 5, 2026 | A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded… | ||
| CVE-2025-9309 | Low | 0.16 | 2.5 | 0.00 | Aug 21, 2025 | A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is… | ||
| CVE-2025-12622 | 0.00 | — | 0.01 | Nov 3, 2025 | A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2025-57215 | 0.00 | — | 0.00 | Aug 28, 2025 | Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. | |||
| CVE-2025-57218 | 0.00 | — | 0.01 | Aug 28, 2025 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | |||
| CVE-2025-57217 | 0.00 | — | 0.00 | Aug 28, 2025 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | |||
| CVE-2025-57220 | 0.00 | — | 0.01 | Aug 28, 2025 | An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. | |||
| CVE-2025-57219 | 0.00 | — | 0.00 | Aug 28, 2025 | Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | |||
| CVE-2024-32306 | 0.00 | — | 0.00 | Apr 17, 2024 | Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. |
- risk 0.57cvss 8.8epss 0.01
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated…
- risk 0.41cvss 6.3epss 0.02
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.
- risk 0.34cvss 5.3epss 0.00
A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded…
- risk 0.16cvss 2.5epss 0.00
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is…
- CVE-2025-12622Nov 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been…
- CVE-2025-57215Aug 28, 2025risk 0.00cvss —epss 0.00
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
- CVE-2025-57218Aug 28, 2025risk 0.00cvss —epss 0.01
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
- CVE-2025-57217Aug 28, 2025risk 0.00cvss —epss 0.00
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
- CVE-2025-57220Aug 28, 2025risk 0.00cvss —epss 0.01
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
- CVE-2025-57219Aug 28, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.
- CVE-2024-32306Apr 17, 2024risk 0.00cvss —epss 0.00
Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.