Description
Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.
References (1)
Core 1
Core References
Broken Link, Exploit, Third Party Advisory
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/formWanParameterSetting.md
Scores
CVSS v3
7.5
EPSS
0.0025
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (2)
tenda/ac10_firmware
16.03.10.13
tenda/ac10_firmware
16.03.10.20
Published
Apr 17, 2024
Tracked Since
Feb 18, 2026