ID

VAR-202604-1108


CVE

CVE-2026-5547


TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC10  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829

DESCRIPTION

A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected. Multiple endpoints may be affected.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5547 // JVNDB: JVNDB-2026-013829

AFFECTED PRODUCTS

vendor:tendamodel:ac10scope:eqversion:16.03.10.10_multi_tde01

Trust: 1.0

vendor:tendamodel:ac10scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac10scope:eqversion:ac10 firmware 16.03.10.10_multi_tde01

Trust: 0.8

vendor:tendamodel:ac10scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829 // NVD: CVE-2026-5547

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-5547
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-5547
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-013829
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-5547
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013829
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-5547
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-5547
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-013829
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829 // NVD: CVE-2026-5547 // NVD: CVE-2026-5547

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829 // NVD: CVE-2026-5547

PATCH

title://vuldb.com/vuln/355311url:https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-03-command-injection-formaddmacfilterrule.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829

EXTERNAL IDS

db:NVDid:CVE-2026-5547

Trust: 2.6

db:JVNDBid:JVNDB-2026-013829

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829 // NVD: CVE-2026-5547

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/vuln/355311

Trust: 1.0

url:https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/critical-03-command-injection-formaddmacfilterrule.md

Trust: 1.0

url:https://vuldb.com/submit/782296

Trust: 1.0

url:https://vuldb.com/vuln/355311/cti

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-5547

Trust: 0.8

sources: JVNDB: JVNDB-2026-013829 // NVD: CVE-2026-5547

SOURCES

db:JVNDBid:JVNDB-2026-013829
db:NVDid:CVE-2026-5547

LAST UPDATE DATE

2026-06-19T23:15:14.253000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013829date:2026-05-01T01:44:00
db:NVDid:CVE-2026-5547date:2026-04-30T13:38:46.470

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013829date:2026-05-01T00:00:00
db:NVDid:CVE-2026-5547date:2026-04-05T08:16:23.390