CVE-2026-5547

MEDIUM

Tenda AC10 httpd formAddMacfilterRule os command injection

Title source: cna

Description

A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0083
EPSS Percentile 74.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-77 CWE-78
Status published
Products (1)
Tenda/AC10 16.03.10.10_multi_TDE01
Published Apr 05, 2026
Tracked Since Apr 05, 2026