CVE-2026-0640
Tenda AC23 PowerSaveSet sscanf buffer overflow
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
| CWE | CWE-120 CWE-119 |
| Vendor | tenda |
| Product | ac23 |
| Published | Jan 6, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for tenda ac23
Be the first to know when new high vulnerabilities affecting tenda ac23 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Tenda / AC23
16.03.07.52
References
vuldb.com: https://vuldb.com/?id.339683 vuldb.com: https://vuldb.com/?ctiid.339683 vuldb.com: https://vuldb.com/?submit.731772 github.com: https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md github.com: https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md#poc tenda.com.cn: https://www.tenda.com.cn/
Credits
๐ xuanyu (VulDB User)