Scan free
HIGHCVE-2026-5548CVSS 8.8

CVE-2026-5548: Stack Overflow in Tenda AC10 httpd

Platform

tenda

Component

tenda

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

CVE-2026-5548 describes a critical vulnerability affecting the Tenda AC10 router's HTTP daemon. This flaw, a stack-based buffer overflow, allows remote attackers to manipulate the sys.userpass parameter within the /bin/httpd file, potentially leading to arbitrary code execution. The vulnerability impacts devices running firmware version 16.03.10.10multiTDE01. A fix is expected from Tenda, and mitigation strategies are available in the meantime.

Impact and Attack Scenarios

The stack-based buffer overflow vulnerability in the Tenda AC10's HTTP daemon is particularly concerning due to its remote accessibility and potential for code execution. A successful exploit could allow an attacker to gain complete control of the router, enabling them to modify configurations, intercept network traffic, and potentially pivot to other devices on the network. This could lead to data breaches, denial-of-service attacks, and unauthorized access to sensitive information. The ability to remotely trigger this overflow significantly increases the attack surface and potential for widespread exploitation, especially given the prevalence of Tenda routers in home and small business networks.

Exploitation Context

CVE-2026-5548 was publicly disclosed on 2026-04-05. The vulnerability's severity is considered HIGH (CVSS: 8.8). Currently, no public proof-of-concept (PoC) exploits have been released, but the nature of the vulnerability (remote stack overflow) makes it likely that one will emerge. It is not currently listed on CISA KEV. The potential for remote code execution warrants close monitoring and proactive mitigation.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh
Reports2 threat reports

EPSS

0.05% (15% percentile)

CISA SSVC

Exploitationnone
Automatableno
Technical Impacttotal

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R8.8HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityHighRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Componenttenda
VendorTenda
Affected rangeFixed in
16.03.10.10_multi_TDE01 – 16.03.10.10_multi_TDE01

Weakness Classification (CWE)

CWE-121CWE-119

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 49 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-5548 is to upgrade to a patched firmware version from Tenda as soon as it becomes available. Until then, several temporary measures can be implemented. Deploying a Web Application Firewall (WAF) with rules to filter requests containing suspicious sys.userpass parameters can help prevent exploitation. Additionally, carefully review and restrict access to the router's web interface, limiting it to trusted networks. Monitor router logs for unusual activity, particularly requests to /bin/httpd with malformed or excessively long sys.userpass values. Consider implementing network segmentation to limit the impact of a potential compromise.

How to fix

Update the firmware of the Tenda AC10 device to a version corrected by the manufacturer. Refer to the Tenda support website for the latest firmware version and update instructions.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-5548 — Stack Overflow in Tenda AC10 httpd?

CVE-2026-5548 is a HIGH severity vulnerability in the Tenda AC10 router's HTTP daemon, allowing remote attackers to trigger a stack-based buffer overflow by manipulating the sys.userpass parameter.

Am I affected by CVE-2026-5548 in Tenda AC10?

You are affected if your Tenda AC10 router is running firmware version 16.03.10.10multiTDE01. Check your router's firmware version in the administration interface.

How do I fix CVE-2026-5548 in Tenda AC10?

The recommended fix is to upgrade to a patched firmware version from Tenda as soon as it becomes available. Until then, implement WAF rules and monitor router logs.

Is CVE-2026-5548 being actively exploited?

While no public exploits are currently available, the vulnerability's nature makes it likely that exploitation attempts will occur. Monitor your router closely.

Where can I find the official Tenda advisory for CVE-2026-5548?

Refer to the Tenda website for official advisories and firmware updates related to CVE-2026-5548. Check their security notice section.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs