ID

VAR-202604-0965


CVE

CVE-2026-5549


TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC10  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827

DESCRIPTION

A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This issue affects the component. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5549 // JVNDB: JVNDB-2026-013827

AFFECTED PRODUCTS

vendor:tendamodel:ac10scope:eqversion:16.03.10.10_multi_tde01

Trust: 1.0

vendor:tendamodel:ac10scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac10scope:eqversion:ac10 firmware 16.03.10.10_multi_tde01

Trust: 0.8

vendor:tendamodel:ac10scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827 // NVD: CVE-2026-5549

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-5549
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-5549
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013827
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-5549
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013827
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-5549
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-5549
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-013827
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827 // NVD: CVE-2026-5549 // NVD: CVE-2026-5549

PROBLEMTYPE DATA

problemtype:CWE-320

Trust: 1.0

problemtype:CWE-321

Trust: 1.0

problemtype:Key Management Error (CWE-320) [ others ]

Trust: 0.8

problemtype: Using hardcoded encryption keys (CWE-321) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827 // NVD: CVE-2026-5549

PATCH

title://vuldb.com/vuln/355313url:https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-05-exposed-rsa-private-key.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827

EXTERNAL IDS

db:NVDid:CVE-2026-5549

Trust: 2.6

db:JVNDBid:JVNDB-2026-013827

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827 // NVD: CVE-2026-5549

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/vuln/355313/cti

Trust: 1.0

url:https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/critical-05-exposed-rsa-private-key.md

Trust: 1.0

url:https://vuldb.com/submit/782298

Trust: 1.0

url:https://vuldb.com/vuln/355313

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-5549

Trust: 0.8

sources: JVNDB: JVNDB-2026-013827 // NVD: CVE-2026-5549

SOURCES

db:JVNDBid:JVNDB-2026-013827
db:NVDid:CVE-2026-5549

LAST UPDATE DATE

2026-06-19T22:41:03.952000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013827date:2026-05-01T01:44:00
db:NVDid:CVE-2026-5549date:2026-04-29T23:41:38.303

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013827date:2026-05-01T00:00:00
db:NVDid:CVE-2026-5549date:2026-04-05T08:16:24.863