📦

ac10

Vendor: tenda

Actively Exploited 1 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 35 Remote Access

Total CVEs 118 Total Indexed

Avg. EPSS 1.36% Exploit Prob.

Latest CVE CVE-2026-5550 Apr 05

Security Vulnerability Index

Page 2 / 12

5.3 CVSS

CVE-2025-57218

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.

EPSS: 0.14%

Severity: MEDIUM

Aug 28, 2025

5.3 CVSS

CVE-2025-57217

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.

EPSS: 0.11%

Severity: MEDIUM

Aug 28, 2025

1.1 CVSS

CVE-2025-9309

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used.

EPSS: 0.03%

Severity: LOW

Aug 21, 2025

7.4 CVSS

CVE-2025-8178

A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS: 1.13%

Severity: HIGH

Jul 26, 2025

8.7 CVSS

CVE-2025-5629

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS: 1.33%

Severity: HIGH

Jun 05, 2025

8.7 CVSS

CVE-2025-4896

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

EPSS: 0.75%

Severity: HIGH

May 18, 2025

5.4 CVSS

CVE-2025-44175

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.

EPSS: 0.22%

Severity: MEDIUM

May 12, 2025

9.8 CVSS

CVE-2025-45779

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.

EPSS: 0.86%

Severity: CRITICAL

May 12, 2025

7.5 CVSS

CVE-2025-25455

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.

EPSS: 0.80%

Severity: HIGH

Apr 17, 2025

7.5 CVSS

CVE-2025-25454

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

EPSS: 0.94%

Severity: HIGH

Apr 17, 2025

Displaying 10 of 118 Total Entries

1 2 3 4 5 ... 12

Total 12 Sections