CVE-2026-5550: Tenda AC10 Stack Overflow - High Severity
Platform
linux
Component
tenda
CVE-2026-5550 describes a stack-based buffer overflow vulnerability discovered in the Tenda AC10 httpd, specifically within the /bin/httpd function fromSysToolChangePwd. Successful exploitation could lead to a denial of service or potentially allow for remote code execution, depending on the system's configuration. This vulnerability affects Tenda AC10 devices running version 16.03.10.10_multi_TDE01. No official patch has been released at the time of publication.
How to fix
Actualice el firmware del dispositivo Tenda AC10 a una versión corregida por el fabricante. Consulte el sitio web de soporte de Tenda para obtener las últimas actualizaciones de firmware y siga las instrucciones proporcionadas para actualizar el dispositivo de forma segura.
Frequently asked questions
What is CVE-2026-5550?
CVE-2026-5550 is a HIGH severity stack-based buffer overflow vulnerability affecting the Tenda AC10 httpd. It allows a remote attacker to potentially exploit the /bin/httpd function fromSysToolChangePwd.
Am I affected by CVE-2026-5550?
You are potentially affected if you are using a Tenda AC10 device running version 16.03.10.10_multi_TDE01. Check your device's firmware version to confirm.
How can I fix or mitigate CVE-2026-5550?
Currently, no official patch is available from Tenda. As a mitigation, consider isolating the affected device from the network or implementing strict firewall rules to limit external access.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free