Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1921+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-51380: Tenda AC10 v3 Buffer Overflow Enables DoS and Remote Code Execution
CVE-2026-51380: Tenda AC10 v3 Buffer Overflow Enables DoS and Remote Code Execution

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2026-51380

CVE-2026-51380: Tenda AC10 v3 Buffer Overflow Enables DoS and Remote Code Execution

A critical CVSS 9.8 buffer overflow vulnerability in Tenda AC10 v3 firmware V03.03.16.09 allows remote attackers to cause permanent denial of service or execute arbitrary code via the /cgi-bin/UploadCfg endpoint.

Dylan H.

Security Team

July 16, 2026
4 min read

Affected Products

  • Tenda AC10 v3 Firmware V03.03.16.09

Executive Summary

A critical buffer overflow vulnerability (CVSS 9.8) has been disclosed in the Tenda AC10 v3 home router, affecting firmware version V03.03.16.09. Tracked as CVE-2026-51380, the flaw exists in the /cgi-bin/UploadCfg endpoint and can be triggered remotely by an unauthenticated attacker.

Successful exploitation can cause a permanent Denial of Service (DoS) — requiring physical power cycle to restore — or potentially enable remote code execution (RCE) on the device, granting full control over the router and any network traffic passing through it.


Technical Details

Vulnerability Description

The Tenda AC10 v3 firmware processes configuration file uploads through the /cgi-bin/UploadCfg CGI handler. This handler fails to properly validate the size or content of the supplied data before copying it into a fixed-size stack buffer. A carefully crafted oversized upload payload can overflow this buffer, overwriting adjacent stack memory.

Consequences of exploitation:

  • DoS — Overwriting critical stack structures causes the CGI process (and the router's web management daemon) to crash. In the Tenda AC10 v3, this crash is unrecoverable without a physical power cycle, resulting in permanent service disruption.
  • RCE — A precisely crafted payload can overwrite the function return address, redirecting execution flow to attacker-controlled shellcode or ROP gadgets loaded in memory. This grants the attacker root-level code execution on the router's MIPS/ARM processor.

Attack Vector

The /cgi-bin/UploadCfg endpoint is accessible from the router's LAN-side web interface and, in many home deployments, may be inadvertently exposed to the WAN through port forwarding rules or UPnP misconfigurations.

No authentication is required to trigger the overflow in the tested firmware version.

CVSS Score Breakdown

MetricValue
Base Score9.8 (Critical)
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Confidentiality ImpactHigh
Integrity ImpactHigh
Availability ImpactHigh

Affected Versions

ProductFirmware VersionStatus
Tenda AC10 v3V03.03.16.09Vulnerable

Note: No firmware patch has been released by Tenda at the time of this advisory. Check the Tenda support page for updates.


Remediation

As of the publication date, no official patch is available from Tenda. Users should apply the following mitigations immediately:

Mitigations

  1. Disable remote management — Ensure the router's web management interface is not accessible from the WAN. Disable WAN-facing HTTP/HTTPS management in the router settings.
  2. Disable UPnP — Prevent automatic port forwarding rules from exposing the management interface externally.
  3. Restrict LAN access — If possible, limit access to the router's admin interface to specific trusted devices using IP-based ACLs or VLAN segmentation.
  4. Replace or retire the device — Given Tenda's history of slow or absent patching for end-of-life devices, users with critical network security requirements should consider replacing the AC10 v3 with a regularly updated device.
  5. Monitor for anomalous activity — If the router is suspected to have been compromised, treat all traffic it processed as potentially intercepted. Rotate credentials for services accessed through the network.

Context: IoT Router Vulnerabilities

Buffer overflow vulnerabilities in consumer routers remain among the most persistent and dangerous vulnerability classes in the IoT space. Devices like the Tenda AC10 are often deployed for years beyond their supported firmware lifecycle, leaving millions of home and small office networks exposed to vulnerabilities with no vendor remediation path.

The Tenda AC10 v3 has been the subject of multiple prior CVEs across its firmware versions, highlighting a systemic lack of memory-safe programming practices in its CGI handler codebase.


References

  • NVD — CVE-2026-51380
  • Tenda AC10 Product Page
#CVE-2026-51380#Tenda#Buffer Overflow#Router#RCE#IoT#Network Security#Critical

Related Articles

Tenda A15 UploadCfg Stack Buffer Overflow (CVE-2026-4567)

A CVSS 9.8 Critical stack-based buffer overflow in Tenda A15 firmware 15.13.07.13 allows unauthenticated remote attackers to execute arbitrary code by...

5 min read

CVE-2026-7154: Totolink A8000RU OS Command Injection via CGI Handler

A critical unauthenticated OS command injection vulnerability in the Totolink A8000RU router firmware 7.1cu.643_b20200521 allows remote attackers to...

5 min read

D-Link DHP-1320 SOAP Handler Stack Buffer Overflow

A CVSS 8.8 stack-based buffer overflow in D-Link DHP-1320 firmware 1.00WWB04 allows unauthenticated remote attackers to execute arbitrary code via a...

5 min read
Back to all Security Alerts