Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
AnalysisAI
Tenda AC10 router firmware 16.03.10.10_multi_TDE01 exposes a hard-coded RSA 2048-bit private key in the world-readable file /webroot_ro/pem/privkeySrv.pem, allowing unauthenticated remote attackers to retrieve sensitive cryptographic material and decrypt encrypted communications. With publicly available exploit code and an EPSS score indicating moderate but real-world feasibility, this vulnerability enables information disclosure attacks against affected router configurations.
Technical ContextAI
This vulnerability exploits CWE-321 (Use of Hard-coded Cryptographic Key), a critical weakness in cryptographic key management. The Tenda AC10 router stores its RSA 2048-bit server private key in an unprotected file accessible via HTTP GET requests without authentication. RSA private keys are foundational to TLS/SSL encryption, certificate signing, and secure communications; exposure of this key completely compromises the confidentiality and authenticity guarantees provided by the router's HTTPS implementation. An attacker with network access to the router (CPE: cpe:2.3:a:tenda:ac10:*:*:*:*:*:*:*:*) can extract the key and decrypt all past and future TLS sessions, forge certificates, or impersonate the router to legitimate clients.
RemediationAI
Upgrade Tenda AC10 firmware to a patched version released by Tenda after the discovery of CVE-2026-5549; consult https://www.tenda.com.cn/ for the latest firmware release notes and supported versions. Interim mitigations include restricting network access to the router's web interface via firewall rules, disabling remote management if not required, and resetting or rotating any certificates that relied on the exposed private key. Verify firmware integrity after upgrade and regenerate any certificates that were signed with the compromised key. Consult VulDB entry https://vuldb.com/vuln/355313 for additional technical details and confirmation of patch availability.
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via
Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp
Same weakness CWE-321 – Use of Hard-coded Cryptographic Key
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19046
GHSA-7v8w-cr25-ggqq