Platform: tenda
Component: tenda
CVE-2026-5547 describes a Command Injection vulnerability discovered in the Tenda AC10 router. This flaw allows attackers to execute arbitrary operating system commands on the device, potentially leading to unauthorized access and control. The vulnerability affects routers running firmware version 16.03.10.10multiTDE01. A patched firmware version is expected to resolve this issue.
The Command Injection vulnerability in Tenda AC10 allows an attacker to inject and execute arbitrary OS commands on the router. Successful exploitation could grant the attacker complete control over the device, enabling them to modify configurations, steal sensitive data (such as user credentials and network traffic logs), and potentially pivot to other devices on the network. The remote nature of the vulnerability significantly broadens the attack surface, as it can be exploited from anywhere with network access to the router. This vulnerability shares similarities with other command injection flaws where improper input validation allows attackers to bypass security controls and execute malicious code.
CVE-2026-5547 was publicly disclosed on 2026-04-05. The vulnerability's impact is amplified by its remote accessibility and the potential for complete system compromise. Currently, no public proof-of-concept (POC) exploits have been identified. The EPSS score is pending evaluation, but the nature of the vulnerability suggests a potential for medium-level exploitation probability given the ease of command injection. Monitor CISA and NVD for updates regarding exploitation activity.
Exploit Status
EPSS: 0.83% (75th percentile)
The primary mitigation for CVE-2026-5547 is to upgrade the Tenda AC10 router to a firmware version that addresses the vulnerability. Because no fixed firmware version has been specified, monitor Tenda's official website for updates. As a temporary workaround, use strict firewall rules to restrict access from untrusted sources to the web management service provided by /bin/httpd. Additionally, review and harden the router configuration, disabling unnecessary services and features. Monitor router logs for suspicious activity, particularly attempts to access or manipulate the /bin/httpd file. If an upgrade proves problematic and a rollback is necessary, revert to a previous, known-stable firmware version.
Update the firmware of the Tenda AC10 device to a version corrected by the manufacturer. Consult the Tenda support website for the latest firmware updates and follow the provided instructions for a secure installation.
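The log-monitoring step in the mitigation guidance above can be run as a small triage script; this is an added example, not part of the original advisory or any Tenda tooling. It assumes requests to the router's web interface are recorded in Common Log Format by an upstream proxy or sensor, and the admin subnet, request paths and log lines are constructed placeholders, since the advisory does not name the affected parameter.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: only this subnet should ever reach the router's web interface.
ADMIN_NET = ipaddress.ip_network("192.168.0.0/24")
# Shell metacharacters that plain configuration values rarely need.
SHELL_META = re.compile(r"[;|&`\r\n]|\$\(|\$\{")
# Common Log Format: src ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

# Constructed sample lines; /example/setting is a placeholder path, not the
# affected endpoint (the advisory does not name it).
SAMPLE_LOG = """\
192.168.0.23 - - [05/Apr/2026:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.23 - - [05/Apr/2026:10:02:40 +0000] "GET /example/setting?name=office-ap HTTP/1.1" 200 88
192.168.0.23 - - [05/Apr/2026:10:03:15 +0000] "GET /example/setting?name=ap%3Bid HTTP/1.1" 200 88
203.0.113.50 - - [05/Apr/2026:10:05:09 +0000] "GET /example/setting?name=%24%28id%29 HTTP/1.1" 200 88
203.0.113.50 - - [05/Apr/2026:10:05:30 +0000] "GET /index.html HTTP/1.1" 200 512
"""

def scan(log_text):
    """Return (source, target, reasons) for each request worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = []
        try:
            if ipaddress.ip_address(m["src"]) not in ADMIN_NET:
                reasons.append("untrusted-source")
        except ValueError:  # hostname or garbage in the source field
            reasons.append("unparseable-source")
        # Decode percent-encoding first so %3B, %7C, %24%28 cannot hide.
        query = urlsplit(m["target"]).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if SHELL_META.search(key) or SHELL_META.search(value):
                reasons.append(f"shell-metachar:{key}")
        if reasons:
            findings.append((m["src"], m["target"], reasons))
    return findings

if __name__ == "__main__":
    for src, target, reasons in scan(SAMPLE_LOG):
        print(src, target, ",".join(reasons))
```

Access logs in this format do not record POST bodies, so this only covers parameters carried in the URL. Values such as Wi-Fi passwords can legitimately contain these characters, so treat each hit as a lead for review rather than a confirmed attack.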
CVE-2026-5547 is a Command Injection vulnerability affecting Tenda AC10 routers running firmware version 16.03.10.10multiTDE01, allowing attackers to execute OS commands remotely.
You are affected if you are using a Tenda AC10 router with firmware version 16.03.10.10multiTDE01. Check your router's firmware version and upgrade if a patch is available.
The recommended fix is to upgrade to a patched firmware version from Tenda. Monitor Tenda's official website for updates and implement temporary workarounds like firewall restrictions.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential for exploitation.
Please refer to Tenda's official website and security advisories for the latest information and updates regarding CVE-2026-5547.