Tenda Ac10 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ac10 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda Ac10 Firmware. Last year, in 2025 Ac10 Firmware had 15 security vulnerabilities published. Right now, Ac10 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 15 | 9.04 |
| 2024 | 7 | 8.80 |
| 2023 | 16 | 8.83 |
| 2022 | 10 | 9.57 |
It may take a day or so for new Ac10 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ac10 Firmware Security Vulnerabilities
Tenda AC10 16.03.10.13 SysRunCmd buffer overflow via getui
CVE-2025-12622
8.8 - High
- November 03, 2025
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Classic Buffer Overflow
Tenda AC10 16.03.10.13 – Remote Heap BOV via /goform/RequestsProcessLaid (device1D)
CVE-2025-8178
8.8 - High
- July 26, 2025
A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC10 <=15.03.06.47 HTTP Handler buf overflow (CRITICAL)
CVE-2025-5629
9.8 - Critical
- June 05, 2025
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Remote Buffer Overflow in Tenda AC10 16.03.10.13 via /goform/UserCongratulationsExec
CVE-2025-4896
7.5 - High
- May 18, 2025
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
Tenda AC10 v4 Buffer Overflow in GetParentControlInfo (V16.03.10.13)
CVE-2025-44175
- May 12, 2025
Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.
Tenda AC10 Buffer Overflow via PPTP User List (pre V15.03.06.46)
CVE-2025-45779
- May 12, 2025
Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
Buffer Overflow in AdvSetMacMtuWan via wanSpeed2 on Tenda AC10 V4.0si
CVE-2025-25454
- April 17, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
Tenda AC10 Buffer Overflow in AdvSetMacMtuWan via wanMTU2
CVE-2025-25455
- April 17, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
Tenda AC10 V4.0si buffer overflow in AdvSetMacMtuWan via cloneType2
CVE-2025-25457
- April 17, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.
Buffer Overflow in AdvSetMacMtuWan of Tenda AC10 V4.0si via serviceName2
CVE-2025-25453
- April 15, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.
Tenda AC10 Buffer Overflow via serverName2 in AdvSetMacMtuWan (pre-16.03.10.20)
CVE-2025-25458
- April 15, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.
Tenda AC10 V4.0si V16.03.10.20 – AdvSetMacMtuWan Buffer Overflow
CVE-2025-25456
- April 15, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
Tenda AC10 16.03.10.13 Buffer Overflow in /goform/ShutdownSetAdd
CVE-2025-3161
8.8 - High
- April 03, 2025
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
Tenda AC10 V15.03.06.23 cmd injection via formexeCommand func
CVE-2025-25675
9.8 - Critical
- February 20, 2025
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
Command Injection
Tenda AC10 V15.03 Buffer Overflow in form_fast_setting_wifi_set (ssid)
CVE-2025-25674
9.8 - Critical
- February 20, 2025
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.
Classic Buffer Overflow
Stack Buffer Overflow in Tenda AC10 16.03.10.13 via formSetRebootTimer
CVE-2024-11248
8.8 - High
- November 15, 2024
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC10 Stack Overflow via timeZone
CVE-2024-11061
8.8 - High
- November 11, 2024
A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC10 Stack Overflow via wpapsk_crypto
CVE-2024-11056
8.8 - High
- November 10, 2024
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC10 v4 Buffer Overflow in httpd via Virtual_Data_Check (pre V16.03.10.20)
CVE-2024-33365
- July 29, 2024
Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.
Stack Overflow in Tenda AC10 v4.0 firmware via adslPwd in formWanParameterSetting
CVE-2024-32317
- April 17, 2024
Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.
Tenda AC10 16.03.10.13 stack buf overf in /goform/SetStaticRouteCfg
CVE-2024-2581
8.8 - High
- March 18, 2024
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.
Memory Corruption
Tenda AC10V4.0 V16.03.10.20 Stack Overflow in sub_49B384 via page param
CVE-2024-25373
- February 15, 2024
Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.
Stack Overflow in Tenda AC10 Firewall Enabling (before v16.03.10.13)
CVE-2023-45481
9.8 - Critical
- November 29, 2023
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.
Memory Corruption
Tenda AC10 stack overflow via /goform/SetVirtualServerCfg
CVE-2023-34567
6.7 - Medium
- June 08, 2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
Memory Corruption
Tenda AC10 v4 Stack Overflow via shareSpeed at /goform/WifiGuestSet
CVE-2023-34571
6.7 - Medium
- June 08, 2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.
Memory Corruption
Tenda AC10 v4 Stack Overflow via devName in /goform/SetOnlineDevName
CVE-2023-34570
6.7 - Medium
- June 08, 2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.
Memory Corruption
Stack Overflow via /goform/SetNetControlList on Tenda AC10 v4
CVE-2023-34569
6.7 - Medium
- June 08, 2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
Memory Corruption
Tenda AC10 v4 stack overflow via /goform/PowerSaveSet time (V16.03.10.13)
CVE-2023-34568
6.7 - Medium
- June 08, 2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
Memory Corruption
Stack overflow in Tenda AC10 v4 via time param in /goform/saveParentControlInfo
CVE-2023-34566
9.8 - Critical
- June 08, 2023
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo.
Memory Corruption
Stack Overflow in Tenda AC10 v16.03.10.13 via sub_458FBC DoS/Remote Exec
CVE-2023-27019
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Hardware: Tenda AC10 v4.0 stack overflow in sub_45EC1C (DoS/Code Exec)
CVE-2023-27018
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC10 stack overflow in R7WebsSecurityHandler (V4.0si)
CVE-2023-27016
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC10 DoS via stack overflow in sub_4A75C0 (pre-fix 1.3)
CVE-2023-27015
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC10 v16.03.10.13 Stack Overflow: Arbitrary Code Exec & DoS
CVE-2023-27014
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC10 StackOverflow in get_parentControl_list_Info (V4.0si V16.03.10.13)
CVE-2023-27013
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Stack Overflow in Tenda AC10 setSchedWifi (pre 16.03.10.13) DoS/Arbitrary Code
CVE-2023-27012
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC10 stack overflow in saveParentControlInfo (V16.03.10)
CVE-2023-27020
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC10 StackOverflow in formSetFirewallCfg (DoS), v16.03.10.13
CVE-2023-27021
9.8 - Critical
- April 07, 2023
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
Memory Corruption
Tenda AC15 V15.03.06.23 Buffer Overflow in formSetClientState
CVE-2022-46109
7.5 - High
- December 16, 2022
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.
Memory Corruption
Stack Overflow via /goform/addWifiMacFilter in Tenda AC10 v15.03.06.23
CVE-2022-42169
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
Memory Corruption
Tenda AC10 pre-15.03.06.23 Stack Overflow via /goform/fromSetIpMacBind
CVE-2022-42168
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
Memory Corruption
Stack Overflow in Tenda AC10 V15.03.06.23 via /goform/formSetFirewallCfg
CVE-2022-42167
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
Memory Corruption
Stack overflow in Tenda AC10 firmware 15.03.06.23 via /goform/formWifiWpsStart
CVE-2022-42170
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
Memory Corruption
Tenda AC10 15.03.06.23 Stack Overflow via /goform/saveParentControlInfo
CVE-2022-42171
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
Memory Corruption
Stack Overflow in Tenda AC10 V15.03.06.23 via /goform/formSetSpeedWan
CVE-2022-42166
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
Memory Corruption
Tenda AC10 Stack Overflow via /goform/formSetClientState before V15.03.06.23
CVE-2022-42164
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
Memory Corruption
Tenda AC10 Stack Overflow via /goform/fromNatStaticSetting V15.03.06.23
CVE-2022-42163
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
Memory Corruption
Stack Overflow via /goform/formSetDeviceName in Tenda AC10 V15.03.06.23
CVE-2022-42165
9.8 - Critical
- October 17, 2022
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ac10 Firmware or by Tenda? Click the Watch button to subscribe.
