CVE-2026-5550— Tenda AC10 httpd fromSysToolChangePwd stack-based overflow
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-5550
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tenda AC10 httpd fromSysToolChangePwd stack-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tenda AC10 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tenda AC10是中国腾达(Tenda)公司的一款无线路由器。 Tenda AC10 16.03.10.10_multi_TDE01版本存在安全漏洞,该漏洞源于文件/bin/httpd中fromSysToolChangePwd函数存在栈缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-5550
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCVerified env Premium
Qwen3.6-35B-A3B · 11180 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-5550
Please Login to view more intelligence information
- CVE-2026-5550 Tenda AC10 httpd fromSysToolChangePwd stack-based overflowvdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2026-5550
Same Patch Batch · Tenda · 2026-04-05 · 7 CVEs total
| CVE-2026-5548 | 8.8 HIGH | Tenda AC10 httpd fromSysToolChangePwd stack-based overflow |
| CVE-2026-5567 | 8.8 HIGH | Tenda M3 Destination setAdvPolicyData buffer overflow |
| CVE-2026-5604 | 8.8 HIGH | Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow |
| CVE-2026-5605 | 8.8 HIGH | Tenda CH22 WrlExtraSet formWrlExtraSet stack-based overflow |
| CVE-2026-5547 | 6.3 MEDIUM | Tenda AC10 httpd formAddMacfilterRule os command injection |
| CVE-2026-5549 | 5.3 MEDIUM | Tenda AC10 RSA 2048-bit Private Key privkeySrv.pem hard-coded key |
IV. Related Vulnerabilities
Same product: AC10
- CVE-2026-5549
Tenda AC10 RSA 2048-bit Private Key privkeySrv.pem hard-code - CVE-2026-5548
Tenda AC10 httpd fromSysToolChangePwd stack-based overflow - CVE-2026-5547
Tenda AC10 httpd formAddMacfilterRule os command injection - CVE-2025-12622
Tenda AC10 SysRunCmd formSysRunCmd buffer overflow - CVE-2025-9309
Tenda AC10 MD5 Hash shadow hard-coded credentials
Same vendor: Tenda
- CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based - CVE-2026-7470
Tenda 4G300 SafeMacFilter sub_427C3C stack-based overflow - CVE-2026-7469
Tenda 4G300 DelFil sub_425A28 command injection - CVE-2018-25318
Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Cha - CVE-2018-25317
Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness
Same weakness: CWE-121
- CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-41509
Integer underflow in crypto_sign_open() leads to buffer over - CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based - CVE-2026-41286
Stack-based Buffer Overflow in WatchGuard Agent Discovery Se - CVE-2026-41287
Stack-based Buffer Overflow in WatchGuard Agent Discovery Se
V. Comments for CVE-2026-5550
No comments yet