Cyber Posture

CVE-2026-0640

High · Public PoC

Published: 06 January 2026

Modified: 15 January 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0017 (38.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly prevents buffer overflow by validating the 'Time' argument manipulated in the sscanf function of /goform/PowerSaveSet.

prevent: Implements memory protections such as ASLR and stack canaries to block unauthorized code execution from the buffer overflow vulnerability.

prevent: Requires identification, reporting, and correction of the buffer overflow flaw in Tenda AC23 firmware version 16.03.07.52.

Security Summary · AI

CVE-2026-0640 is a buffer overflow vulnerability affecting Tenda AC23 router firmware version 16.03.07.52. The flaw is in an sscanf call reached through the /goform/PowerSaveSet web interface, where a manipulated Time argument triggers the overflow. Published on 2026-01-06, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).

The vulnerability can be exploited remotely over the network (AV:N) by an attacker with low privileges (PR:L), with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) and potentially allows arbitrary code execution; the security scope is unchanged (S:U). The CVSS v3.1 base score is 8.8.

Proof-of-concept exploits are publicly available on GitHub, including detailed reproduction steps for the Tenda AC23 buffer overflow. VulDB advisories (CTI ID 339683, ID 339683) document the issue and its submission, but no vendor patches or specific mitigations are referenced in the available sources. Given the public PoC, security practitioners should isolate affected devices and monitor for exploitation attempts.

Details

CWE(s)

Affected Products

tenda · ac23 firmware · 16.03.07.52

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a buffer overflow in a public-facing web interface (/goform/PowerSaveSet) on a router that enables remote arbitrary code execution, which maps directly to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
