OS Command Injection Vulnerability in Tenda AC10 Router
CVE-2026-5547

5.3MEDIUM

Key Information:

Vendor

Tenda
Status
Ac10
Vendor
CVE Published:
5 April 2026

What is CVE-2026-5547?

A security vulnerability exists in the Tenda AC10 router, specifically in the function formAddMacfilterRule of the /bin/httpd file. This vulnerability allows for OS command injection, potentially enabling remote attackers to execute arbitrary commands on the affected device. Given the nature of the vulnerability, multiple endpoints may be at risk if exploited.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AC10 16.03.10.10_multi_TDE01

References

https://vuldb.com/vuln/355311
vdb-entrytechnical-description
https://vuldb.com/vuln/355311/cti
signaturepermissions-required
https://vuldb.com/submit/782296
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CoreNode (VulDB User)
JSON
.