HIGHCVE-2026-0640Published 2026-01-06Modified 2026-02-23CNA VulDB

CVE-2026-0640: Tenda AC23 PowerSaveSet sscanf buffer overflow

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Tenda / AC23
16.03.07.52

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-339683 | Tenda AC23 PowerSaveSet sscanf buffer overflow
VDB-339683 | CTI Indicators (IOB, IOC, IOA)
Submit #731772 | Tenda AC23 V16.03.07.52 Buffer Overflow
github.com
github.com
tenda.com.cn

Metrics