Tenda Ac23 Firmware vulnerabilities

27 known vulnerabilities affecting tenda/ac23_firmware.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 16, MEDIUM 1

Vulnerabilities

Page 1 of 2
CVE-2026-1420 | HIGH | CVSS 7.4 | v16.03.07.52 | 2026-01-26
CVE-2026-1420 [HIGH] CWE-119: A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
nvd
CVE-2026-0640 | HIGH | CVSS 7.4 | v16.03.07.52 | 2026-01-06
CVE-2026-0640 [HIGH] CWE-119: A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
nvd
CVE-2025-15217 | HIGH | CVSS 7.4 | v16.03.07.52 | 2025-12-30
CVE-2025-15217 [HIGH] CWE-119: A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
nvd
CVE-2025-15216 | HIGH | CVSS 7.4 | v16.03.07.52 | 2025-12-30
CVE-2025-15216 [HIGH] CWE-119: A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
nvd
CVE-2025-12596 | HIGH | CVSS 7.4 | v16.03.07.52 | 2025-11-02
CVE-2025-12596 [HIGH] CWE-119: A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
nvd
CVE-2025-12595 | HIGH | CVSS 7.4 | v16.03.07.52 | 2025-11-02
CVE-2025-12595 [HIGH] CWE-119: A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd
CVE-2025-11356 | HIGH | CVSS 7.4 | v16.03.07.52 | 2025-10-07
CVE-2025-11356 [HIGH] CWE-119: A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
nvd
CVE-2025-10803 | HIGH | CVSS 7.4 | ≤ 16.03.07.52 | 2025-09-22
CVE-2025-10803 [HIGH] CWE-119: A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the pu
nvd
CVE-2025-9605 | HIGH | CVSS 8.9 | v16.03.08.16 | 2025-08-29
CVE-2025-9605 [HIGH] CWE-119: A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
nvd
CVE-2025-8060 | HIGH | CVSS 7.4 | v16.03.07.52 | 2025-07-23
CVE-2025-8060 [HIGH] CWE-119: A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to
nvd
CVE-2025-3167 | HIGH | CVSS 7.1 | v16.03.07.52 | 2025-04-03
CVE-2025-3167 [HIGH] CWE-404: A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public an
nvd
CVE-2023-24334 | HIGH | CVSS 8.0 | v16.03.07.45_cn | 2024-02-21
CVE-2023-24334 [HIGH] CWE-121: A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.
nvd
CVE-2023-40799 | CRITICAL | CVSS 9.8 | v16.03.07.45_cn | 2023-08-25
CVE-2023-40799 [CRITICAL] CWE-787: Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.
nvd
CVE-2023-40797 | HIGH | CVSS 8.8 | v16.03.07.45_cn | 2023-08-25
CVE-2023-40797 [HIGH] CWE-20: In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.
nvd
CVE-2023-40800 | HIGH | CVSS 8.8 | v16.03.07.45_cn | 2023-08-25
CVE-2023-40800 [HIGH] CWE-20: The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.
nvd
CVE-2023-40798 | HIGH | CVSS 8.8 | v16.03.07.45_cn | 2023-08-25
CVE-2023-40798 [HIGH] CWE-20: In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
nvd
CVE-2023-40802 | MEDIUM | CVSS 6.5 | v16.03.07.45_cn | 2023-08-25
CVE-2023-40802 [MEDIUM] CWE-787: The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn.
nvd
CVE-2023-2649 | HIGH | CVSS 8.8 | v16.03.07.45_cn | 2023-05-11
CVE-2023-2649 [HIGH] CWE-77: A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-2
nvd
CVE-2023-0782 | CRITICAL | CVSS 9.8 | v16.03.07.45 | 2023-02-11
CVE-2023-0782 [HIGH] CWE-787: A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulne
nvd
CVE-2022-43105 | CRITICAL | CVSS 9.8 | v16.03.07.45_cn | 2022-11-03
CVE-2022-43105 [CRITICAL] CWE-787: Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
nvd