ID

VAR-202601-3938


CVE

CVE-2026-1420


TITLE

Multiple vulnerabilities in Shenzhen Tenda Technology Co., Ltd. AC23 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055

DESCRIPTION

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. Manipulation of the argument wpapsk_crypto causes a buffer overflow. The attack can be exploited remotely. The exploit has been published and may be used. A vulnerability was discovered in Tenda AC23 version 16.03.07.52. An exploit has been made public and may be used. All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-1420 // JVNDB: JVNDB-2026-002055

AFFECTED PRODUCTS

vendor: tenda, model: ac23, scope: eq, version: 16.03.07.52

Trust: 1.0

vendor: tenda, model: ac23, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: ac23, scope: eq, version: ac23 firmware 16.03.07.52

Trust: 0.8

vendor: tenda, model: ac23, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055 // NVD: CVE-2026-1420

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1420
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2026-1420
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-002055
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-1420
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-002055
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1420
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-1420
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-002055
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055 // NVD: CVE-2026-1420 // NVD: CVE-2026-1420

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055 // NVD: CVE-2026-1420

PATCH

title: Submit #736559
url: https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055

EXTERNAL IDS

db: NVD, id: CVE-2026-1420

Trust: 2.6

db: VULDB, id: 342836

Trust: 1.0

db: JVNDB, id: JVNDB-2026-002055

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055 // NVD: CVE-2026-1420

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/xyh4ck/iot_poc/blob/main/tenda%20ac23_buffer_overflow_wifiextraset/tenda%20ac23_buffer_overflow_wifiextraset.md#poc

Trust: 1.8

url:https://github.com/xyh4ck/iot_poc/blob/main/tenda%20ac23_buffer_overflow_wifiextraset/tenda%20ac23_buffer_overflow_wifiextraset.md

Trust: 1.0

url:https://vuldb.com/?ctiid.342836

Trust: 1.0

url:https://vuldb.com/?submit.736559

Trust: 1.0

url:https://vuldb.com/?id.342836

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1420

Trust: 0.8

sources: JVNDB: JVNDB-2026-002055 // NVD: CVE-2026-1420

SOURCES

db: JVNDB, id: JVNDB-2026-002055
db: NVD, id: CVE-2026-1420

LAST UPDATE DATE

2026-01-30T23:42:40.037000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-002055, date: 2026-01-29T06:59:00
db: NVD, id: CVE-2026-1420, date: 2026-01-28T14:44:39.930

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-002055, date: 2026-01-29T00:00:00
db: NVD, id: CVE-2026-1420, date: 2026-01-26T06:16:04.073