Unrated severityNVD Advisory· Published Jan 6, 2026· Updated Feb 23, 2026

Tenda AC23 PowerSaveSet sscanf buffer overflow

CVE-2026-0640

Description

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Affected products

Tenda/AC23v5
cpe:2.3:o:tenda:ac23_firmware:*:*:*:*:*:*:*:*
Range: 16.03.07.52
Tenda/AC23llm-fuzzy
Range: = 16.03.07.52

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.mdmitrebroken-linkexploit
github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.mdmitrebroken-linkexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.tenda.com.cnmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000