Details of VAR-202603-0017

ID

VAR-202603-0017

CVE

CVE-2026-3400

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC15 Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-005908

DESCRIPTION

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. Exploits have been made public and may be used in attacks.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely

Trust: 1.62

sources: NVD: CVE-2026-3400 // JVNDB: JVNDB-2026-005908

AFFECTED PRODUCTS

vendor:	tenda	model:	ac15	scope:	lte	version:	15.13.07.13	Trust: 1.0
vendor:	tenda	model:	ac15	scope:	lte	version:	ac15 firmware 15.13.07.13 and earlier	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-005908 // NVD: CVE-2026-3400

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-3400
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2026-3400
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-005908
value:	CRITICAL
Trust: 0.8

cna@vuldb.com:	CVE-2026-3400
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-005908
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-3400
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-3400
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2026-005908
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-005908 // NVD: CVE-2026-3400 // NVD: CVE-2026-3400

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-005908 // NVD: CVE-2026-3400

PATCH

title:

Tenda A15 V15.13.07.13 Stack-based Buffer Overflow YuqueYuque

url:

https://vuldb.com/?id.348295

Trust: 0.8

sources: JVNDB: JVNDB-2026-005908

EXTERNAL IDS

db:	NVD	id:	CVE-2026-3400	Trust: 2.6
db:	VULDB	id:	348295	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-005908	Trust: 0.8

sources: JVNDB: JVNDB-2026-005908 // NVD: CVE-2026-3400

REFERENCES

url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://www.yuque.com/ba1ma0-an29k/nnxoap/tzg68iadbmqx6esm?singledoc#	Trust: 1.0
url:	https://vuldb.com/?ctiid.348295	Trust: 1.0
url:	https://vuldb.com/?id.348295	Trust: 1.0
url:	https://vuldb.com/?submit.760109	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-3400	Trust: 0.8

sources: JVNDB: JVNDB-2026-005908 // NVD: CVE-2026-3400

SOURCES

db:	JVNDB	id:	JVNDB-2026-005908
db:	NVD	id:	CVE-2026-3400

LAST UPDATE DATE

2026-03-07T23:49:20.922000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-005908	date:	2026-03-05T02:48:00
db:	NVD	id:	CVE-2026-3400	date:	2026-03-03T19:48:04.040

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-005908	date:	2026-03-05T00:00:00
db:	NVD	id:	CVE-2026-3400	date:	2026-03-02T00:16:03.293