CVE-2026-5548

Description

A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely.

PUBLISHED Reserved 2026-04-04 | Published 2026-04-05 | Updated 2026-04-06 | Assigner VulDB

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

Timeline

Credits

CoreNode (VulDB User) reporter

References

vuldb.com/vuln/355312 (VDB-355312 | Tenda AC10 httpd fromSysToolChangePwd stack-based overflow) vdb-entry technical-description

vuldb.com/vuln/355312/cti (VDB-355312 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/782297 (Submit #782297 | Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 Stack-based Buffer Overflow) third-party-advisory

github.com/...TICAL-04-stackoverflow-fromsystoolchangepwd.md related

www.tenda.com.cn/ product

cve.org (CVE-2026-5548)

nvd.nist.gov (CVE-2026-5548)

Download JSON