
    54 vulnerabilities found for ac23_firmware by tenda

    CVE-2026-1420 (GCVE-0-2026-1420)

    Vulnerability from nvd – Published: 2026-01-26 05:02 – Updated: 2026-02-23 08:56
    VLAI
    Title
    Tenda AC23 WifiExtraSet buffer overflow
    Summary
    A flaw has been found in Tenda AC23 16.03.07.52. It affects an unknown function of the file /goform/WifiExtraSet. Manipulating the argument wpapsk_crypto causes a buffer overflow. The attack can be carried out remotely; the CVSS vectors in the record below carry PR:L, i.e. low privileges are required. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    xuanyu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1420",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-26T17:03:11.601125Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-26T17:04:03.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "xuanyu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:56:57.929Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-342836 | Tenda AC23 WifiExtraSet buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.342836"
            },
            {
              "name": "VDB-342836 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.342836"
            },
            {
              "name": "Submit #736559 | Tenda AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.736559"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-25T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-29T02:01:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 WifiExtraSet buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-1420",
        "datePublished": "2026-01-26T05:02:07.727Z",
        "dateReserved": "2026-01-25T17:02:07.778Z",
        "dateUpdated": "2026-02-23T08:56:57.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0640 (GCVE-0-2026-0640)

    Vulnerability from nvd – Published: 2026-01-06 15:32 – Updated: 2026-02-23 08:21
    VLAI
    Title
    Tenda AC23 PowerSaveSet sscanf buffer overflow
    Summary
    A weakness has been identified in Tenda AC23 16.03.07.52. It affects the function sscanf of the file /goform/PowerSaveSet. Manipulating the argument Time can lead to a buffer overflow. The attack can be launched remotely; the CVSS vectors in the record below carry PR:L, i.e. low privileges are required. The exploit has been made available to the public and could be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    xuanyu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0640",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:08:33.402004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:10:01.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "xuanyu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:21:03.636Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339683 | Tenda AC23 PowerSaveSet sscanf buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339683"
            },
            {
              "name": "VDB-339683 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339683"
            },
            {
              "name": "Submit #731772 | Tenda AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.731772"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-15T23:02:06.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 PowerSaveSet sscanf buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0640",
        "datePublished": "2026-01-06T15:32:08.760Z",
        "dateReserved": "2026-01-06T09:07:14.569Z",
        "dateUpdated": "2026-02-23T08:21:03.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15217 (GCVE-0-2025-15217)

    Vulnerability from nvd – Published: 2025-12-30 03:02 – Updated: 2026-02-24 06:13
    VLAI
    Title
    Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow
    Summary
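    A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Manipulating the argument list results in a buffer overflow. The attack can be initiated remotely; the CVSS vectors in the record below carry PR:L, i.e. low privileges are required. This summary does not mention a public exploit, but the SSVC entry for the record lists Exploitation: poc.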
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    wxhwxhwxh_tutu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15217",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T18:45:22.732890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T18:45:25.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:13:47.735Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338602 | Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338602"
            },
            {
              "name": "VDB-338602 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338602"
            },
            {
              "name": "Submit #725448 | Tenda AC23 AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.725448"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-03T14:53:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15217",
        "datePublished": "2025-12-30T03:02:07.501Z",
        "dateReserved": "2025-12-28T15:36:53.443Z",
        "dateUpdated": "2026-02-24T06:13:47.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15216 (GCVE-0-2025-15216)

    Vulnerability from nvd – Published: 2025-12-30 02:32 – Updated: 2026-02-24 06:13
    VLAI
    Title
    Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow
    Summary
    A vulnerability was identified in Tenda AC23 16.03.07.52. It affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. Manipulating the argument bindnum leads to a stack-based buffer overflow. The attack can be launched remotely; the CVSS vectors in the record below carry PR:L, i.e. low privileges are required. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.338601 vdb-entry, technical-description
    https://vuldb.com/?ctiid.338601 signature, permissions-required
    https://vuldb.com/?submit.725447 third-party-advisory
    https://lavender-bicycle-a5a.notion.site/Tenda-AC… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    yhryhryhr_miemie (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15216",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T18:45:45.918183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T18:45:52.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_miemie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:13:33.535Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338601 | Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338601"
            },
            {
              "name": "VDB-338601 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338601"
            },
            {
              "name": "Submit #725447 | Tenda AC23 AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.725447"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC23-SetIpMacBind-2d753a41781f8026a001f16e85226a21?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-03T14:53:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15216",
        "datePublished": "2025-12-30T02:32:08.203Z",
        "dateReserved": "2025-12-28T15:36:47.477Z",
        "dateUpdated": "2026-02-24T06:13:33.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12596 (GCVE-0-2025-12596)

    Vulnerability from nvd – Published: 2025-11-02 10:32 – Updated: 2026-02-24 06:21
    VLAI
    Title
    Tenda AC23 saveParentControlInfo buffer overflow
    Summary
    A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Manipulating the argument Time leads to a buffer overflow. The attack can be launched remotely; the CVSS vectors in the record below carry PR:L, i.e. low privileges are required. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.330891 vdb-entry, technical-description
    https://vuldb.com/?ctiid.330891 signature, permissions-required
    https://vuldb.com/?submit.677585 third-party-advisory
    https://github.com/LX-LX88/cve/issues/9 broken-link, exploit, issue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12596",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T14:54:36.500458Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T14:54:39.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:21:11.086Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-330891 | Tenda AC23 saveParentControlInfo buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.330891"
            },
            {
              "name": "VDB-330891 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.330891"
            },
            {
              "name": "Submit #677585 | Tenda AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.677585"
            },
            {
              "tags": [
                "broken-link",
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/9"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-03T15:19:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 saveParentControlInfo buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12596",
        "datePublished": "2025-11-02T10:32:06.299Z",
        "dateReserved": "2025-11-01T17:21:21.802Z",
        "dateUpdated": "2026-02-24T06:21:11.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12595 (GCVE-0-2025-12595)

    Vulnerability from nvd – Published: 2025-11-02 10:02 – Updated: 2026-02-24 06:20
    VLAI
    Title
    Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow
    Summary
    A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. Manipulation of the argument "list" causes a buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.330890 vdb-entry, technical-description
    https://vuldb.com/?ctiid.330890 signature, permissions-required
    https://vuldb.com/?submit.677581 third-party-advisory
    https://github.com/LX-LX88/cve/issues/8 broken-link, exploit, issue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12595",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T14:55:44.673004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T14:55:49.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/8"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:20:56.156Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-330890 | Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.330890"
            },
            {
              "name": "VDB-330890 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.330890"
            },
            {
              "name": "Submit #677581 | Tenda AC23 V16.03.07.52 Buffer Over",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.677581"
            },
            {
              "tags": [
                "broken-link",
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/8"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-03T15:19:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12595",
        "datePublished": "2025-11-02T10:02:07.134Z",
        "dateReserved": "2025-11-01T17:21:18.934Z",
        "dateUpdated": "2026-02-24T06:20:56.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11356 (GCVE-0-2025-11356)

    Vulnerability from nvd – Published: 2025-10-07 07:02 – Updated: 2026-02-24 06:47
    VLAI
    Title
    Tenda AC23 SetStaticRouteCfg sscanf buffer overflow
    Summary
    A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. Manipulation of the argument "list" results in a buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327241 vdb-entry, technical-description
    https://vuldb.com/?ctiid.327241 signature, permissions-required
    https://vuldb.com/?submit.664923 third-party-advisory
    https://github.com/cymiao1978/cve/blob/main/12.md exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.0
    Affected: 16.03.07.1
    Affected: 16.03.07.2
    Affected: 16.03.07.3
    Affected: 16.03.07.4
    Affected: 16.03.07.5
    Affected: 16.03.07.6
    Affected: 16.03.07.7
    Affected: 16.03.07.8
    Affected: 16.03.07.9
    Affected: 16.03.07.10
    Affected: 16.03.07.11
    Affected: 16.03.07.12
    Affected: 16.03.07.13
    Affected: 16.03.07.14
    Affected: 16.03.07.15
    Affected: 16.03.07.16
    Affected: 16.03.07.17
    Affected: 16.03.07.18
    Affected: 16.03.07.19
    Affected: 16.03.07.20
    Affected: 16.03.07.21
    Affected: 16.03.07.22
    Affected: 16.03.07.23
    Affected: 16.03.07.24
    Affected: 16.03.07.25
    Affected: 16.03.07.26
    Affected: 16.03.07.27
    Affected: 16.03.07.28
    Affected: 16.03.07.29
    Affected: 16.03.07.30
    Affected: 16.03.07.31
    Affected: 16.03.07.32
    Affected: 16.03.07.33
    Affected: 16.03.07.34
    Affected: 16.03.07.35
    Affected: 16.03.07.36
    Affected: 16.03.07.37
    Affected: 16.03.07.38
    Affected: 16.03.07.39
    Affected: 16.03.07.40
    Affected: 16.03.07.41
    Affected: 16.03.07.42
    Affected: 16.03.07.43
    Affected: 16.03.07.44
    Affected: 16.03.07.45
    Affected: 16.03.07.46
    Affected: 16.03.07.47
    Affected: 16.03.07.48
    Affected: 16.03.07.49
    Affected: 16.03.07.50
    Affected: 16.03.07.51
    Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    cymiao (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11356",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-07T18:13:29.018317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-07T18:13:39.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.0"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.1"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.2"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.3"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.4"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.5"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.6"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.7"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.8"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.9"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.10"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.11"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.12"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.13"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.14"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.15"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.16"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.17"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.18"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.19"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.20"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.21"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.22"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.23"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.24"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.25"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.26"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.27"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.28"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.29"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.30"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.31"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.32"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.33"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.34"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.35"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.36"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.37"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.38"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.39"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.40"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.41"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.42"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.43"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.44"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.45"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.46"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.47"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.48"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.49"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.50"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.51"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "cymiao (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:47:17.713Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327241 | Tenda AC23 SetStaticRouteCfg sscanf buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327241"
            },
            {
              "name": "VDB-327241 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327241"
            },
            {
              "name": "Submit #664923 | Shenzhen Tenda Technology Co.,Ltd. AC23 \u003c= V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.664923"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/cymiao1978/cve/blob/main/12.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-07T10:26:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 SetStaticRouteCfg sscanf buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11356",
        "datePublished": "2025-10-07T07:02:07.348Z",
        "dateReserved": "2025-10-06T06:33:20.887Z",
        "dateUpdated": "2026-02-24T06:47:17.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10803 (GCVE-0-2025-10803)

    Vulnerability from nvd – Published: 2025-09-22 15:02 – Updated: 2025-09-22 17:18
    VLAI
    Title
    Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow
    Summary
    A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Manipulation of the argument "startIp" leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.325161 vdb-entry, technical-description
    https://vuldb.com/?ctiid.325161 signature, permissions-required
    https://vuldb.com/?submit.654237 third-party-advisory
    https://github.com/lin-3-start/lin-cve/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.0
    Affected: 16.03.07.1
    Affected: 16.03.07.2
    Affected: 16.03.07.3
    Affected: 16.03.07.4
    Affected: 16.03.07.5
    Affected: 16.03.07.6
    Affected: 16.03.07.7
    Affected: 16.03.07.8
    Affected: 16.03.07.9
    Affected: 16.03.07.10
    Affected: 16.03.07.11
    Affected: 16.03.07.12
    Affected: 16.03.07.13
    Affected: 16.03.07.14
    Affected: 16.03.07.15
    Affected: 16.03.07.16
    Affected: 16.03.07.17
    Affected: 16.03.07.18
    Affected: 16.03.07.19
    Affected: 16.03.07.20
    Affected: 16.03.07.21
    Affected: 16.03.07.22
    Affected: 16.03.07.23
    Affected: 16.03.07.24
    Affected: 16.03.07.25
    Affected: 16.03.07.26
    Affected: 16.03.07.27
    Affected: 16.03.07.28
    Affected: 16.03.07.29
    Affected: 16.03.07.30
    Affected: 16.03.07.31
    Affected: 16.03.07.32
    Affected: 16.03.07.33
    Affected: 16.03.07.34
    Affected: 16.03.07.35
    Affected: 16.03.07.36
    Affected: 16.03.07.37
    Affected: 16.03.07.38
    Affected: 16.03.07.39
    Affected: 16.03.07.40
    Affected: 16.03.07.41
    Affected: 16.03.07.42
    Affected: 16.03.07.43
    Affected: 16.03.07.44
    Affected: 16.03.07.45
    Affected: 16.03.07.46
    Affected: 16.03.07.47
    Affected: 16.03.07.48
    Affected: 16.03.07.49
    Affected: 16.03.07.50
    Affected: 16.03.07.51
    Affected: 16.03.07.52
    Credits
    QMSSDXN (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10803",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-22T17:16:33.052690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-22T17:18:36.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.0"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.1"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.2"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.3"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.4"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.5"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.6"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.7"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.8"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.9"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.10"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.11"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.12"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.13"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.14"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.15"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.16"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.17"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.18"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.19"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.20"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.21"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.22"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.23"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.24"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.25"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.26"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.27"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.28"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.29"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.30"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.31"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.32"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.33"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.34"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.35"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.36"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.37"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.38"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.39"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.40"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.41"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.42"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.43"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.44"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.45"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.46"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.47"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.48"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.49"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.50"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.51"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "QMSSDXN (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda AC23 up to 16.03.07.52 entdeckt. Betroffen hiervon ist die Funktion sscanf der Datei /goform/SetPptpServerCfg der Komponente HTTP POST Request Handler. Die Manipulation des Arguments startIp f\u00fchrt zu buffer overflow. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-22T15:02:07.142Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-325161 | Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.325161"
            },
            {
              "name": "VDB-325161 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.325161"
            },
            {
              "name": "Submit #654237 | Tenda AC23 \u003c= V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.654237"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-21T11:45:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10803",
        "datePublished": "2025-09-22T15:02:07.142Z",
        "dateReserved": "2025-09-21T09:39:45.186Z",
        "dateUpdated": "2025-09-22T17:18:36.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9605 (GCVE-0-2025-9605)

    Vulnerability from nvd – Published: 2025-08-29 02:02 – Updated: 2025-08-29 13:31
    VLAI
    Title
    Tenda AC21/AC23 GetParentControlInfo stack-based overflow
    Summary
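    A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Manipulation of the argument mac leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. [Note: the AC23 submission and write-up referenced by this record name firmware AC23V1.0re_V16.03.07.52, so the affected AC23 version may differ from the 16.03.08.16 listed here; check both versions when matching this record against a device inventory.]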
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda AC21 Affected: 16.03.08.16
    Tenda AC23 Affected: 16.03.08.16
    Credits
    lxyilu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9605",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-29T13:31:03.332380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-29T13:31:06.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%20Overflow%20in%20Tenda%20Wi-Fi%205%20Router%20AC23%EF%BC%88AC23V1.0re_V16.03.07.52%EF%BC%89.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.16.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC21",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.08.16"
                }
              ]
            },
            {
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.08.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "lxyilu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC21 and AC23 16.03.08.16 ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch das Manipulieren des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-29T02:02:08.778Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321783 | Tenda AC21/AC23 GetParentControlInfo stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.321783"
            },
            {
              "name": "VDB-321783 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321783"
            },
            {
              "name": "Submit #636545 | Tenda Wi-Fi 5 Router AC21 AC21V1.0re_V16.03.08.16 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.636545"
            },
            {
              "name": "Submit #636548 | Tenda Wi-Fi 5 Router AC23 AC23V1.0re_V16.03.07.52 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.636548"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.16.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%20Overflow%20in%20Tenda%20Wi-Fi%205%20Router%20AC23%EF%BC%88AC23V1.0re_V16.03.07.52%EF%BC%89.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-28T17:27:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC21/AC23 GetParentControlInfo stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9605",
        "datePublished": "2025-08-29T02:02:08.778Z",
        "dateReserved": "2025-08-28T15:21:33.747Z",
        "dateUpdated": "2025-08-29T13:31:06.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8060 (GCVE-0-2025-8060)

    Vulnerability from nvd – Published: 2025-07-23 01:32 – Updated: 2025-07-23 15:14
    VLAI
    Title
    Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow
    Summary
    A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.317317 vdb-entry, technical-description
    https://vuldb.com/?ctiid.317317 signature, permissions-required
    https://vuldb.com/?submit.619604 third-party-advisory
    https://github.com/Thir0th/Thir0th-CVE/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
    Credits
    liuchangwei (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8060",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-23T14:26:02.633061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-23T15:14:41.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "httpd"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "liuchangwei (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC23 16.03.07.52 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion sub_46C940 der Datei /goform/setMacFilterCfg der Komponente httpd. Dank der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-23T01:32:06.931Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317317 | Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.317317"
            },
            {
              "name": "VDB-317317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317317"
            },
            {
              "name": "Submit #619604 | Tenda AC23 V16.03.07.52 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.619604"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-22T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-22T22:46:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8060",
        "datePublished": "2025-07-23T01:32:06.931Z",
        "dateReserved": "2025-07-22T20:41:12.236Z",
        "dateUpdated": "2025-07-23T15:14:41.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3167 (GCVE-0-2025-3167)

    Vulnerability from nvd – Published: 2025-04-03 16:31 – Updated: 2025-04-03 19:42
    VLAI
    Title
    Tenda AC23 API Interface VerAPIMant denial of service
    Summary
    A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.303113 vdb-entry, technical-description
    https://vuldb.com/?ctiid.303113 signature, permissions-required
    https://vuldb.com/?submit.543150 third-party-advisory
    https://github.com/LZY0522/CVE/blob/main/CVE_1.md exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
    Credits
    Li Zhiyang (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3167",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T19:42:29.139890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:42:56.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API Interface"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Li Zhiyang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC23 16.03.07.52 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /goform/VerAPIMant der Komponente API Interface. Durch Manipulieren des Arguments getuid mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-03T16:31:09.102Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303113 | Tenda AC23 API Interface VerAPIMant denial of service",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.303113"
            },
            {
              "name": "VDB-303113 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303113"
            },
            {
              "name": "Submit #543150 | Shenzhen Tenda Technology Co., Ltd. Tenda AC23 Router V16.03.07.52 Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.543150"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-03T09:34:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 API Interface VerAPIMant denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3167",
        "datePublished": "2025-04-03T16:31:09.102Z",
        "dateReserved": "2025-04-03T07:29:54.127Z",
        "dateUpdated": "2025-04-03T19:42:56.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24334 (GCVE-0-2023-24334)

    Vulnerability from nvd – Published: 2024-02-21 00:00 – Updated: 2024-08-02 10:56
    VLAI
    Summary
    A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23_firmware Affected: 1.0re_v16.03.07.45_cn_tdc01
        cpe:2.3:a:tenda:ac23_firmware:1.0re_v16.03.07.45_cn_tdc01:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:ac23_firmware:1.0re_v16.03.07.45_cn_tdc01:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0re_v16.03.07.45_cn_tdc01"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24334",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-22T14:57:49.456960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T20:30:07.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:03.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caoyebo/CVE/tree/main/TENDA%20AC23%20-%20CVE-2023-24334"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-21T20:34:18.598Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/caoyebo/CVE/tree/main/TENDA%20AC23%20-%20CVE-2023-24334"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-24334",
        "datePublished": "2024-02-21T00:00:00.000Z",
        "dateReserved": "2023-01-23T00:00:00.000Z",
        "dateUpdated": "2024-08-02T10:56:03.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40798 (GCVE-0-2023-40798)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-10-02 17:45
    VLAI
    Summary
    In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23 Affected: 16.03.07.45_cn
        cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:11.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.07.45_cn"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40798",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T17:44:26.224284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T17:45:18.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T15:03:17.860Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40798",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-08-22T00:00:00.000Z",
        "dateUpdated": "2024-10-02T17:45:18.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40797 (GCVE-0-2023-40797)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-10-02 18:04
    VLAI
    Summary
    In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23 Affected: 16.03.07.45_cn
        cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:10.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_4781A4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.07.45_cn"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40797",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T18:03:37.489686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T18:04:27.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T15:02:27.452Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_4781A4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40797",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-08-22T00:00:00.000Z",
        "dateUpdated": "2024-10-02T18:04:27.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40802 (GCVE-0-2023-40802)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-10-02 15:27
    VLAI
    Summary
    The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23 Affected: v16.03.07.45_cn
        cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:10.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/get_parentControl_list_Info"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v16.03.07.45_cn"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40802",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T15:26:15.342949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T15:27:25.947Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T14:52:07.433Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/get_parentControl_list_Info"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40802",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-08-22T00:00:00.000Z",
        "dateUpdated": "2024-10-02T15:27:25.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40800 (GCVE-0-2023-40800)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-10-02 15:32
    VLAI
    Summary
    The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23 Affected: 16.03.07.45_cn
        cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:10.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.07.45_cn"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40800",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T15:31:21.413088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T15:32:44.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T14:56:32.519Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40800",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-08-22T00:00:00.000Z",
        "dateUpdated": "2024-10-02T15:32:44.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40799 (GCVE-0-2023-40799)

    Vulnerability from nvd – Published: 2023-08-25 00:00 – Updated: 2024-10-02 15:35
    VLAI
    Summary
    Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23 Affected: v16.03.07.45_cn
        cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:11.130Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lst-oss/Vulnerability/blob/main/Tenda/AC23/sub_450A4C"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v16.03.07.45_cn"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40799",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T15:34:03.417964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T15:35:18.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T15:04:23.243Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/lst-oss/Vulnerability/blob/main/Tenda/AC23/sub_450A4C"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40799",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-08-22T00:00:00.000Z",
        "dateUpdated": "2024-10-02T15:35:18.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-1420 (GCVE-0-2026-1420)

    Vulnerability from cvelistv5 – Published: 2026-01-26 05:02 – Updated: 2026-02-23 08:56
    VLAI
    Title
    Tenda AC23 WifiExtraSet buffer overflow
    Summary
    A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    xuanyu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1420",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-26T17:03:11.601125Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-26T17:04:03.490Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "xuanyu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:56:57.929Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-342836 | Tenda AC23 WifiExtraSet buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.342836"
            },
            {
              "name": "VDB-342836 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.342836"
            },
            {
              "name": "Submit #736559 | Tenda AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.736559"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-25T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-29T02:01:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 WifiExtraSet buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-1420",
        "datePublished": "2026-01-26T05:02:07.727Z",
        "dateReserved": "2026-01-25T17:02:07.778Z",
        "dateUpdated": "2026-02-23T08:56:57.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0640 (GCVE-0-2026-0640)

    Vulnerability from cvelistv5 – Published: 2026-01-06 15:32 – Updated: 2026-02-23 08:21
    VLAI
    Title
    Tenda AC23 PowerSaveSet sscanf buffer overflow
    Summary
    A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    xuanyu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0640",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T18:08:33.402004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T18:10:01.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "xuanyu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:21:03.636Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339683 | Tenda AC23 PowerSaveSet sscanf buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339683"
            },
            {
              "name": "VDB-339683 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339683"
            },
            {
              "name": "Submit #731772 | Tenda AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.731772"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-15T23:02:06.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 PowerSaveSet sscanf buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0640",
        "datePublished": "2026-01-06T15:32:08.760Z",
        "dateReserved": "2026-01-06T09:07:14.569Z",
        "dateUpdated": "2026-02-23T08:21:03.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15217 (GCVE-0-2025-15217)

    Vulnerability from cvelistv5 – Published: 2025-12-30 03:02 – Updated: 2026-02-24 06:13
    VLAI
    Title
    Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow
    Summary
    A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    wxhwxhwxh_tutu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15217",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T18:45:22.732890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T18:45:25.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:13:47.735Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338602 | Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338602"
            },
            {
              "name": "VDB-338602 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338602"
            },
            {
              "name": "Submit #725448 | Tenda AC23 AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.725448"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-03T14:53:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15217",
        "datePublished": "2025-12-30T03:02:07.501Z",
        "dateReserved": "2025-12-28T15:36:53.443Z",
        "dateUpdated": "2026-02-24T06:13:47.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15216 (GCVE-0-2025-15216)

    Vulnerability from cvelistv5 – Published: 2025-12-30 02:32 – Updated: 2026-02-24 06:13
    VLAI
    Title
    Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow
    Summary
    A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.338601 vdb-entry, technical-description
    https://vuldb.com/?ctiid.338601 signature, permissions-required
    https://vuldb.com/?submit.725447 third-party-advisory
    https://lavender-bicycle-a5a.notion.site/Tenda-AC… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    yhryhryhr_miemie (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15216",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-30T18:45:45.918183Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-30T18:45:52.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_miemie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:13:33.535Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-338601 | Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.338601"
            },
            {
              "name": "VDB-338601 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.338601"
            },
            {
              "name": "Submit #725447 | Tenda AC23 AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.725447"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC23-SetIpMacBind-2d753a41781f8026a001f16e85226a21?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-28T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-03T14:53:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-15216",
        "datePublished": "2025-12-30T02:32:08.203Z",
        "dateReserved": "2025-12-28T15:36:47.477Z",
        "dateUpdated": "2026-02-24T06:13:33.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12596 (GCVE-0-2025-12596)

    Vulnerability from cvelistv5 – Published: 2025-11-02 10:32 – Updated: 2026-02-24 06:21
    VLAI
    Title
    Tenda AC23 saveParentControlInfo buffer overflow
    Summary
    A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.330891 vdb-entry, technical-description
    https://vuldb.com/?ctiid.330891 signature, permissions-required
    https://vuldb.com/?submit.677585 third-party-advisory
    https://github.com/LX-LX88/cve/issues/9 broken-link, exploit, issue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12596",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T14:54:36.500458Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T14:54:39.493Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:21:11.086Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-330891 | Tenda AC23 saveParentControlInfo buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.330891"
            },
            {
              "name": "VDB-330891 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.330891"
            },
            {
              "name": "Submit #677585 | Tenda AC23 V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.677585"
            },
            {
              "tags": [
                "broken-link",
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/9"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-03T15:19:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 saveParentControlInfo buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12596",
        "datePublished": "2025-11-02T10:32:06.299Z",
        "dateReserved": "2025-11-01T17:21:21.802Z",
        "dateUpdated": "2026-02-24T06:21:11.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12595 (GCVE-0-2025-12595)

    Vulnerability from cvelistv5 – Published: 2025-11-02 10:02 – Updated: 2026-02-24 06:20
    VLAI
    Title
    Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow
    Summary
    A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.330890 vdb-entry, technical-description
    https://vuldb.com/?ctiid.330890 signature, permissions-required
    https://vuldb.com/?submit.677581 third-party-advisory
    https://github.com/LX-LX88/cve/issues/8 broken-link, exploit, issue-tracking
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    LX-LX (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12595",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-03T14:55:44.673004Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-03T14:55:49.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LX-LX88/cve/issues/8"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "LX-LX (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:20:56.156Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-330890 | Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.330890"
            },
            {
              "name": "VDB-330890 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.330890"
            },
            {
              "name": "Submit #677581 | Tenda AC23 V16.03.07.52 Buffer Over",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.677581"
            },
            {
              "tags": [
                "broken-link",
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/LX-LX88/cve/issues/8"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-01T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-01T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-03T15:19:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-12595",
        "datePublished": "2025-11-02T10:02:07.134Z",
        "dateReserved": "2025-11-01T17:21:18.934Z",
        "dateUpdated": "2026-02-24T06:20:56.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11356 (GCVE-0-2025-11356)

    Vulnerability from cvelistv5 – Published: 2025-10-07 07:02 – Updated: 2026-02-24 06:47
    VLAI
    Title
    Tenda AC23 SetStaticRouteCfg sscanf buffer overflow
    Summary
    A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.327241 vdb-entry, technical-description
    https://vuldb.com/?ctiid.327241 signature, permissions-required
    https://vuldb.com/?submit.664923 third-party-advisory
    https://github.com/cymiao1978/cve/blob/main/12.md exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.0
    Affected: 16.03.07.1
    Affected: 16.03.07.2
    Affected: 16.03.07.3
    Affected: 16.03.07.4
    Affected: 16.03.07.5
    Affected: 16.03.07.6
    Affected: 16.03.07.7
    Affected: 16.03.07.8
    Affected: 16.03.07.9
    Affected: 16.03.07.10
    Affected: 16.03.07.11
    Affected: 16.03.07.12
    Affected: 16.03.07.13
    Affected: 16.03.07.14
    Affected: 16.03.07.15
    Affected: 16.03.07.16
    Affected: 16.03.07.17
    Affected: 16.03.07.18
    Affected: 16.03.07.19
    Affected: 16.03.07.20
    Affected: 16.03.07.21
    Affected: 16.03.07.22
    Affected: 16.03.07.23
    Affected: 16.03.07.24
    Affected: 16.03.07.25
    Affected: 16.03.07.26
    Affected: 16.03.07.27
    Affected: 16.03.07.28
    Affected: 16.03.07.29
    Affected: 16.03.07.30
    Affected: 16.03.07.31
    Affected: 16.03.07.32
    Affected: 16.03.07.33
    Affected: 16.03.07.34
    Affected: 16.03.07.35
    Affected: 16.03.07.36
    Affected: 16.03.07.37
    Affected: 16.03.07.38
    Affected: 16.03.07.39
    Affected: 16.03.07.40
    Affected: 16.03.07.41
    Affected: 16.03.07.42
    Affected: 16.03.07.43
    Affected: 16.03.07.44
    Affected: 16.03.07.45
    Affected: 16.03.07.46
    Affected: 16.03.07.47
    Affected: 16.03.07.48
    Affected: 16.03.07.49
    Affected: 16.03.07.50
    Affected: 16.03.07.51
    Affected: 16.03.07.52
        cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
    Credits
    cymiao (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11356",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-07T18:13:29.018317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-07T18:13:39.826Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.0"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.1"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.2"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.3"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.4"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.5"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.6"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.7"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.8"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.9"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.10"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.11"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.12"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.13"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.14"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.15"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.16"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.17"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.18"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.19"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.20"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.21"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.22"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.23"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.24"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.25"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.26"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.27"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.28"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.29"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.30"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.31"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.32"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.33"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.34"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.35"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.36"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.37"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.38"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.39"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.40"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.41"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.42"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.43"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.44"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.45"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.46"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.47"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.48"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.49"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.50"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.51"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "cymiao (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:47:17.713Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327241 | Tenda AC23 SetStaticRouteCfg sscanf buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327241"
            },
            {
              "name": "VDB-327241 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327241"
            },
            {
              "name": "Submit #664923 | Shenzhen Tenda Technology Co.,Ltd. AC23 \u003c= V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.664923"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/cymiao1978/cve/blob/main/12.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-07T10:26:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 SetStaticRouteCfg sscanf buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11356",
        "datePublished": "2025-10-07T07:02:07.348Z",
        "dateReserved": "2025-10-06T06:33:20.887Z",
        "dateUpdated": "2026-02-24T06:47:17.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10803 (GCVE-0-2025-10803)

    Vulnerability from cvelistv5 – Published: 2025-09-22 15:02 – Updated: 2025-09-22 17:18
    VLAI
    Title
    Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow
    Summary
    A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.325161 vdb-entry, technical-description
    https://vuldb.com/?ctiid.325161 signature, permissions-required
    https://vuldb.com/?submit.654237 third-party-advisory
    https://github.com/lin-3-start/lin-cve/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.0
    Affected: 16.03.07.1
    Affected: 16.03.07.2
    Affected: 16.03.07.3
    Affected: 16.03.07.4
    Affected: 16.03.07.5
    Affected: 16.03.07.6
    Affected: 16.03.07.7
    Affected: 16.03.07.8
    Affected: 16.03.07.9
    Affected: 16.03.07.10
    Affected: 16.03.07.11
    Affected: 16.03.07.12
    Affected: 16.03.07.13
    Affected: 16.03.07.14
    Affected: 16.03.07.15
    Affected: 16.03.07.16
    Affected: 16.03.07.17
    Affected: 16.03.07.18
    Affected: 16.03.07.19
    Affected: 16.03.07.20
    Affected: 16.03.07.21
    Affected: 16.03.07.22
    Affected: 16.03.07.23
    Affected: 16.03.07.24
    Affected: 16.03.07.25
    Affected: 16.03.07.26
    Affected: 16.03.07.27
    Affected: 16.03.07.28
    Affected: 16.03.07.29
    Affected: 16.03.07.30
    Affected: 16.03.07.31
    Affected: 16.03.07.32
    Affected: 16.03.07.33
    Affected: 16.03.07.34
    Affected: 16.03.07.35
    Affected: 16.03.07.36
    Affected: 16.03.07.37
    Affected: 16.03.07.38
    Affected: 16.03.07.39
    Affected: 16.03.07.40
    Affected: 16.03.07.41
    Affected: 16.03.07.42
    Affected: 16.03.07.43
    Affected: 16.03.07.44
    Affected: 16.03.07.45
    Affected: 16.03.07.46
    Affected: 16.03.07.47
    Affected: 16.03.07.48
    Affected: 16.03.07.49
    Affected: 16.03.07.50
    Affected: 16.03.07.51
    Affected: 16.03.07.52
    Credits
    QMSSDXN (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10803",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-22T17:16:33.052690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-22T17:18:36.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP POST Request Handler"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.0"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.1"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.2"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.3"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.4"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.5"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.6"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.7"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.8"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.9"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.10"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.11"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.12"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.13"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.14"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.15"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.16"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.17"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.18"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.19"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.20"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.21"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.22"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.23"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.24"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.25"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.26"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.27"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.28"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.29"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.30"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.31"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.32"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.33"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.34"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.35"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.36"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.37"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.38"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.39"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.40"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.41"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.42"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.43"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.44"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.45"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.46"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.47"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.48"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.49"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.50"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.51"
                },
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "QMSSDXN (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda AC23 up to 16.03.07.52 entdeckt. Betroffen hiervon ist die Funktion sscanf der Datei /goform/SetPptpServerCfg der Komponente HTTP POST Request Handler. Die Manipulation des Arguments startIp f\u00fchrt zu buffer overflow. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-22T15:02:07.142Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-325161 | Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.325161"
            },
            {
              "name": "VDB-325161 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.325161"
            },
            {
              "name": "Submit #654237 | Tenda AC23 \u003c= V16.03.07.52 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.654237"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC23-3/Tenda%20AC23%20Buffer%20overflow.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-21T11:45:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 HTTP POST Request SetPptpServerCfg sscanf buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10803",
        "datePublished": "2025-09-22T15:02:07.142Z",
        "dateReserved": "2025-09-21T09:39:45.186Z",
        "dateUpdated": "2025-09-22T17:18:36.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9605 (GCVE-0-2025-9605)

    Vulnerability from cvelistv5 – Published: 2025-08-29 02:02 – Updated: 2025-08-29 13:31
    VLAI
    Title
    Tenda AC21/AC23 GetParentControlInfo stack-based overflow
    Summary
    A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenda AC21 Affected: 16.03.08.16
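    Tenda AC23 Affected: 16.03.08.16 (note: the AC23 submission referenced in this record, #636548, names firmware AC23V1.0re_V16.03.07.52, so check both firmware lines when matching inventory)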
    Credits
    lxyilu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9605",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-29T13:31:03.332380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-29T13:31:06.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%20Overflow%20in%20Tenda%20Wi-Fi%205%20Router%20AC23%EF%BC%88AC23V1.0re_V16.03.07.52%EF%BC%89.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.16.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC21",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.08.16"
                }
              ]
            },
            {
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.08.16"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "lxyilu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC21 and AC23 16.03.08.16 ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch das Manipulieren des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-29T02:02:08.778Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321783 | Tenda AC21/AC23 GetParentControlInfo stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.321783"
            },
            {
              "name": "VDB-321783 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321783"
            },
            {
              "name": "Submit #636545 | Tenda Wi-Fi 5 Router AC21 AC21V1.0re_V16.03.08.16 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.636545"
            },
            {
              "name": "Submit #636548 | Tenda Wi-Fi 5 Router AC23 AC23V1.0re_V16.03.07.52 Buffer Overflow (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.636548"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC21/AC21V1.0re_V16.03.08.16.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC23/Stack-Based%20Buffer%20Overflow%20in%20Tenda%20Wi-Fi%205%20Router%20AC23%EF%BC%88AC23V1.0re_V16.03.07.52%EF%BC%89.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-28T17:27:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC21/AC23 GetParentControlInfo stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9605",
        "datePublished": "2025-08-29T02:02:08.778Z",
        "dateReserved": "2025-08-28T15:21:33.747Z",
        "dateUpdated": "2025-08-29T13:31:06.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8060 (GCVE-0-2025-8060)

    Vulnerability from cvelistv5 – Published: 2025-07-23 01:32 – Updated: 2025-07-23 15:14
    VLAI
    Title
    Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow
    Summary
    A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.317317 vdb-entry, technical-description
    https://vuldb.com/?ctiid.317317 signature, permissions-required
    https://vuldb.com/?submit.619604 third-party-advisory
    https://github.com/Thir0th/Thir0th-CVE/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
    Credits
    liuchangwei (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8060",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-23T14:26:02.633061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-23T15:14:41.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "httpd"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "liuchangwei (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC23 16.03.07.52 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion sub_46C940 der Datei /goform/setMacFilterCfg der Komponente httpd. Dank der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-23T01:32:06.931Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317317 | Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.317317"
            },
            {
              "name": "VDB-317317 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317317"
            },
            {
              "name": "Submit #619604 | Tenda AC23 V16.03.07.52 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.619604"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/Thir0th/Thir0th-CVE/blob/main/Tenda%20AC23_V16.03.07.52_has_a_stack_overflow.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-22T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-22T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-22T22:46:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8060",
        "datePublished": "2025-07-23T01:32:06.931Z",
        "dateReserved": "2025-07-22T20:41:12.236Z",
        "dateUpdated": "2025-07-23T15:14:41.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3167 (GCVE-0-2025-3167)

    Vulnerability from cvelistv5 – Published: 2025-04-03 16:31 – Updated: 2025-04-03 19:42
    VLAI
    Title
    Tenda AC23 API Interface VerAPIMant denial of service
    Summary
    A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.303113 vdb-entry, technical-description
    https://vuldb.com/?ctiid.303113 signature, permissions-required
    https://vuldb.com/?submit.543150 third-party-advisory
    https://github.com/LZY0522/CVE/blob/main/CVE_1.md exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC23 Affected: 16.03.07.52
    Credits
    Li Zhiyang (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3167",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T19:42:29.139890Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T19:42:56.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "API Interface"
              ],
              "product": "AC23",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.03.07.52"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Li Zhiyang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC23 16.03.07.52 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /goform/VerAPIMant der Komponente API Interface. Durch Manipulieren des Arguments getuid mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-03T16:31:09.102Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303113 | Tenda AC23 API Interface VerAPIMant denial of service",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.303113"
            },
            {
              "name": "VDB-303113 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303113"
            },
            {
              "name": "Submit #543150 | Shenzhen Tenda Technology Co., Ltd. Tenda AC23 Router V16.03.07.52 Denial of Service",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.543150"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-03T09:34:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC23 API Interface VerAPIMant denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3167",
        "datePublished": "2025-04-03T16:31:09.102Z",
        "dateReserved": "2025-04-03T07:29:54.127Z",
        "dateUpdated": "2025-04-03T19:42:56.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24334 (GCVE-0-2023-24334)

    Vulnerability from cvelistv5 – Published: 2024-02-21 00:00 – Updated: 2024-08-02 10:56
    VLAI
    Summary
    A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23_firmware Affected: 1.0re_v16.03.07.45_cn_tdc01
        cpe:2.3:a:tenda:ac23_firmware:1.0re_v16.03.07.45_cn_tdc01:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:ac23_firmware:1.0re_v16.03.07.45_cn_tdc01:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0re_v16.03.07.45_cn_tdc01"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24334",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-22T14:57:49.456960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-25T20:30:07.274Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:56:03.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caoyebo/CVE/tree/main/TENDA%20AC23%20-%20CVE-2023-24334"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-21T20:34:18.598Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/caoyebo/CVE/tree/main/TENDA%20AC23%20-%20CVE-2023-24334"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-24334",
        "datePublished": "2024-02-21T00:00:00.000Z",
        "dateReserved": "2023-01-23T00:00:00.000Z",
        "dateUpdated": "2024-08-02T10:56:03.517Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40800 (GCVE-0-2023-40800)

    Vulnerability from cvelistv5 – Published: 2023-08-25 00:00 – Updated: 2024-10-02 15:32
    VLAI
    Summary
    The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac23 Affected: 16.03.07.45_cn
        cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:46:10.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac23:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac23",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.07.45_cn"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40800",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T15:31:21.413088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T15:32:44.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-25T14:56:32.519Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/compare_parentcontrol_time"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-40800",
        "datePublished": "2023-08-25T00:00:00.000Z",
        "dateReserved": "2023-08-22T00:00:00.000Z",
        "dateUpdated": "2024-10-02T15:32:44.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }