Ac10 Firmware

ac10_firmware

Vendor: Tenda • 92 CVEs

CVEs (92)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-5550 1Tenda 1Ac10 Firmware Apr 29, 2026 Apr 5, 2026 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initia...Show more A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.Show less
CVE-2026-5549 1Tenda 1Ac10 Firmware Apr 29, 2026 Apr 5, 2026 5.5 MEDIUM· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Exe...Show more A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-5548 1Tenda 1Ac10 Firmware Apr 30, 2026 Apr 5, 2026 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results...Show more A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely.Show less
CVE-2026-5547 1Tenda 1Ac10 Firmware Apr 30, 2026 Apr 5, 2026 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the at...Show more A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.Show less
CVE-2025-67074 1Tenda 1Ac10 Firmware Jan 2, 2026 Dec 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a...Show more A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.Show less
CVE-2025-67073 1Tenda 1Ac10 Firmware Jan 2, 2026 Dec 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a...Show more A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.Show less
CVE-2025-12622 1Tenda 1Ac10 Firmware Nov 5, 2025 Nov 3, 2025 7.4 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The at...Show more A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-57220 1Tenda 1Ac10 Firmware Sep 3, 2025 Aug 28, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
CVE-2025-57219 1Tenda 1Ac10 Firmware Sep 3, 2025 Aug 28, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.
CVE-2025-57215 1Tenda 1Ac10 Firmware Sep 3, 2025 Aug 28, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
CVE-2025-57218 1Tenda 1Ac10 Firmware Sep 3, 2025 Aug 28, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
CVE-2025-57217 1Tenda 1Ac10 Firmware Sep 3, 2025 Aug 28, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
CVE-2025-9309 1Tenda 1Ac10 Firmware Apr 29, 2026 Aug 21, 2025 1.1 LOW· v4 7.0 HIGH· v3 1.0 LOW· v2 A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack nee...Show more A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.Show less
CVE-2025-8178 1Tenda 1Ac10 Firmware Aug 1, 2025 Jul 26, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buff...Show more A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5629 1Tenda 1Ac10 Firmware Jun 6, 2025 Jun 5, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulati...Show more A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-4896 1Tenda 1Ac10 Firmware May 27, 2025 May 18, 2025 8.7 HIGH· v4 7.5 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid le...Show more A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-44175 1Tenda 1Ac10 Firmware Jun 13, 2025 May 12, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.
CVE-2025-45779 1Tenda 1Ac10 Firmware Jun 13, 2025 May 12, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
CVE-2025-25455 1Tenda 1Ac10 Firmware Apr 22, 2025 Apr 17, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
CVE-2025-25454 1Tenda 1Ac10 Firmware Apr 22, 2025 Apr 17, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

12 3 4 5 Next