CVE-2026-0640Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac23

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 70.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac23Tenda Ac23 Firmware
Timeline
PublishedJan 6

Description

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac2316.03.07.52
NVDtenda/ac23_firmware16.03.07.52

🔴Vulnerability Details

2
CVEList
Tenda AC23 PowerSaveSet sscanf buffer overflow2026-01-06
GHSA
GHSA-873q-r7q9-7r4r: A weakness has been identified in Tenda AC23 162026-01-06
CVE-2026-0640 — Tenda Ac23 vulnerability | cvebase