CVE-2026-5548: Tenda AC10 Stack Overflow - High Risk

Platform: linux

Component: tenda

CVE-2026-5548 is a critical vulnerability in the httpd component of the Tenda AC10 router. It is a stack-based buffer overflow in the fromSysToolChangePwd function of the /bin/httpd binary. Successful exploitation may allow a remote attacker to execute arbitrary code on the device, compromising its security and functionality. The issue specifically affects firmware version 16.03.10.10_multi_TDE01, and no official patch has been released so far.

How to fix

Update the Tenda AC10 firmware to a version fixed by the manufacturer. Check the Tenda support website for the latest firmware version and the update instructions.

Frequently asked questions

What is CVE-2026-5548?

CVE-2026-5548 is a high-severity vulnerability in the Tenda AC10 router's firmware. It's a stack-based buffer overflow that can be triggered remotely by manipulating the sys.userpass argument, potentially allowing an attacker to execute code.

Am I affected by CVE-2026-5548?

You are likely affected if you are using a Tenda AC10 router with firmware version 16.03.10.10_multi_TDE01. It is crucial to check your router's firmware version and take appropriate action.

How can I fix or mitigate CVE-2026-5548?

Currently, there is no official patch available from Tenda to address this vulnerability. As a temporary mitigation, consider isolating the router from the internet or implementing strict firewall rules to limit external access.
