Platform
tenda
Component
tenda
CVE-2026-5548 describes a critical vulnerability affecting the Tenda AC10 router's HTTP daemon. This flaw, a stack-based buffer overflow, allows remote attackers to manipulate the sys.userpass parameter within the /bin/httpd file, potentially leading to arbitrary code execution. The vulnerability impacts devices running firmware version 16.03.10.10multiTDE01. A fix is expected from Tenda, and mitigation strategies are available in the meantime.
The stack-based buffer overflow vulnerability in the Tenda AC10's HTTP daemon is particularly concerning due to its remote accessibility and potential for code execution. A successful exploit could allow an attacker to gain complete control of the router, enabling them to modify configurations, intercept network traffic, and potentially pivot to other devices on the network. This could lead to data breaches, denial-of-service attacks, and unauthorized access to sensitive information. The ability to remotely trigger this overflow significantly increases the attack surface and potential for widespread exploitation, especially given the prevalence of Tenda routers in home and small business networks.
CVE-2026-5548 was publicly disclosed on 2026-04-05. The vulnerability's severity is considered HIGH (CVSS: 8.8). Currently, no public proof-of-concept (PoC) exploits have been released, but the nature of the vulnerability (remote stack overflow) makes it likely that one will emerge. It is not currently listed on CISA KEV. The potential for remote code execution warrants close monitoring and proactive mitigation.
Exploit Status
EPSS
0.05% (15% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5548 is to upgrade to a patched firmware version from Tenda as soon as it becomes available. Until then, several temporary measures can be implemented. Deploying a Web Application Firewall (WAF) with rules to filter requests containing suspicious sys.userpass parameters can help prevent exploitation. Additionally, carefully review and restrict access to the router's web interface, limiting it to trusted networks. Monitor router logs for unusual activity, particularly requests to /bin/httpd with malformed or excessively long sys.userpass values. Consider implementing network segmentation to limit the impact of a potential compromise.
Update the firmware of the Tenda AC10 device to a version corrected by the manufacturer. Refer to the Tenda support website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5548 is a HIGH severity vulnerability in the Tenda AC10 router's HTTP daemon, allowing remote attackers to trigger a stack-based buffer overflow by manipulating the sys.userpass parameter.
You are affected if your Tenda AC10 router is running firmware version 16.03.10.10multiTDE01. Check your router's firmware version in the administration interface.
The recommended fix is to upgrade to a patched firmware version from Tenda as soon as it becomes available. Until then, implement WAF rules and monitor router logs.
While no public exploits are currently available, the vulnerability's nature makes it likely that exploitation attempts will occur. Monitor your router closely.
Refer to the Tenda website for official advisories and firmware updates related to CVE-2026-5548. Check their security notice section.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.