ID

VAR-202601-0196


CVE

CVE-2026-0640


TITLE

Multiple vulnerabilities in Shenzhen Tenda Technology Co., Ltd. ac23 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464

DESCRIPTION

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Manipulating the argument Time can lead to a buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely.

Trust: 1.62

sources: NVD: CVE-2026-0640 // JVNDB: JVNDB-2026-001464

AFFECTED PRODUCTS

vendor: tenda, model: ac23, scope: eq, version: 16.03.07.52

Trust: 1.0

vendor: tenda, model: ac23, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac23, scope: eq, version: ac23 firmware 16.03.07.52

Trust: 0.8

vendor: tenda, model: ac23, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464 // NVD: CVE-2026-0640

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-0640
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2026-0640
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-001464
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-0640
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-001464
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-0640
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-0640
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-001464
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464 // NVD: CVE-2026-0640 // NVD: CVE-2026-0640

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.0

problemtype: CWE-120

Trust: 1.0

problemtype: Buffer error (CWE-119) [others]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464 // NVD: CVE-2026-0640

PATCH

title: Tenda AC23 V16.03.07.52 Buffer Overflow
url: https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464

EXTERNAL IDS

db: NVD, id: CVE-2026-0640

Trust: 2.6

db: VULDB, id: 339683

Trust: 1.0

db: JVNDB, id: JVNDB-2026-001464

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464 // NVD: CVE-2026-0640

REFERENCES

url: https://www.tenda.com.cn/

Trust: 1.8

url: https://github.com/xyh4ck/iot_poc/blob/main/tenda%20ac23_buffer_overflow/tenda%20ac23_buffer_overflow.md#poc

Trust: 1.0

url: https://vuldb.com/?ctiid.339683

Trust: 1.0

url: https://github.com/xyh4ck/iot_poc/blob/main/tenda%20ac23_buffer_overflow/tenda%20ac23_buffer_overflow.md

Trust: 1.0

url: https://vuldb.com/?submit.731772

Trust: 1.0

url: https://vuldb.com/?id.339683

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-0640

Trust: 0.8

sources: JVNDB: JVNDB-2026-001464 // NVD: CVE-2026-0640

SOURCES

db: JVNDB, id: JVNDB-2026-001464
db: NVD, id: CVE-2026-0640

LAST UPDATE DATE

2026-01-19T23:36:55.055000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-001464, date: 2026-01-19T06:07:00
db: NVD, id: CVE-2026-0640, date: 2026-01-15T19:17:30.190

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-001464, date: 2026-01-19T00:00:00
db: NVD, id: CVE-2026-0640, date: 2026-01-06T16:15:57.293