External risk intelligence

Tenda AC10 v3 Buffer Overflow Allows Remote Code Execution or DoS

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-51380

The vulnerability affects a consumer router, which is commonly deployed at the network edge. The affected endpoint is part of the device's web management interface, which is frequently exposed to the local network and, in many default or misconfigured deployments, potentially accessible via the public internet.

Buffer Overflow

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical buffer overflow vulnerability has been identified in the firmware of Tenda AC10 v3 routers, specifically through the /cgi-bin/UploadCfg endpoint. This weakness could allow attackers to cause a denial of service or potentially execute remote code, impacting the availability and integrity of network services. Given the widespread use of such devices at network edges, confirming relevance and exposure is the primary concern.

  • Attackers could disrupt router service.
  • Network edge devices are common targets.
  • Confirm relevance and exposure.

Attack Path

How an attacker could exploit the issue

An attacker can target the Tenda AC10 v3 router by sending specially crafted data to its web management interface. This interaction exploits a buffer overflow vulnerability in the `/cgi-bin/UploadCfg` endpoint, which could lead to a denial of service or allow remote code execution.

  • No authentication required for attack.
  • Triggered by uploading a configuration file.
  • Risk of denial of service or code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could impact the availability and integrity of a Tenda AC10 v3 router. When supported by the advisory, attackers could exploit this by sending specially crafted requests to the /cgi-bin/UploadCfg endpoint, potentially leading to a permanent denial of service or unauthorized remote code execution.

  • Router availability.
  • Remote exploitation via web interface.
  • Disruption of network services.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Tenda AC10 v3 devices likely impacts end-users or internal IT support responsible for home or small office networking equipment. The first practical step is to identify all instances of the affected device, confirm its accessibility from the internet or business-critical networks, and then determine the accountable owner for remediation, which may involve vendor coordination or device replacement based on risk.

  • End-user or IT support owns the issue.
  • Verify internet exposure of the device.
  • Plan for device replacement or vendor support.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Tenda AC10 v3 and what is it used for?

The Tenda AC10 v3 is a consumer-grade wireless router designed to provide network connectivity for homes and small office environments. It manages internet traffic for connected devices and provides a web-based management interface that allows users to configure network settings, security features, and system preferences.

How does CVE-2026-51380 cause a security risk?

This vulnerability is classified as a CWE-120 buffer overflow. It occurs when the router's software attempts to store more data in a memory buffer than it is designed to hold. In the context of CVE-2026-51380, this flaw allows an attacker to overwrite adjacent memory, which can crash the device permanently or potentially run unauthorized commands on the system.

What triggers this buffer overflow on the router?

The issue is triggered by sending specially crafted data to the device's /cgi-bin/UploadCfg endpoint. This specific endpoint is designed for configuration file uploads. Simply visiting the web interface without performing this specific upload action does not trigger the vulnerability.

Why is this CVE considered relevant for my network?

Halo Surface Signal notes that because this is a consumer router, it sits at the network edge. If your router is configured to allow access to its management interface from the public internet—or is exposed on a broad internal network—it is more reachable by unauthorized parties who might attempt to send the malicious data required to exploit this flaw.

What are the first steps to address this Tenda AC10 v3 vulnerability?

Begin by creating an inventory of your networking hardware to locate any Tenda AC10 v3 units. Check your router's settings to ensure the management interface is not accessible from the internet. Consult the manufacturer's official support resources for firmware updates, and if no official fix is available, evaluate the risk of continued use and consider replacing the device to maintain network security.

References