AC23
by Tenda
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0782 | Hig | 0.47 | 7.2 | 0.01 | Feb 11, 2023 | A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit… | ||
| CVE-2025-3167 | Med | 0.42 | 6.5 | 0.01 | Apr 3, 2025 | A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The… | ||
| CVE-2023-40802 | Med | 0.42 | 6.5 | 0.01 | Aug 25, 2023 | The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn | ||
| CVE-2026-1420 | 0.00 | — | 0.04 | Jan 26, 2026 | A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be… | |||
| CVE-2026-0640 | 0.00 | — | 0.03 | Jan 6, 2026 | A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the… | |||
| CVE-2025-15217 | 0.00 | — | 0.01 | Dec 30, 2025 | A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. | |||
| CVE-2025-15216 | 0.00 | — | 0.01 | Dec 30, 2025 | A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is… | |||
| CVE-2025-12596 | 0.00 | — | 0.01 | Nov 2, 2025 | A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The… | |||
| CVE-2025-12595 | 0.00 | — | 0.01 | Nov 2, 2025 | A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made… | |||
| CVE-2025-11356 | 0.00 | — | 0.01 | Oct 7, 2025 | A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been… | |||
| CVE-2025-10803 | 0.00 | — | 0.01 | Sep 22, 2025 | A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is… | |||
| CVE-2025-9605 | 0.00 | — | 0.01 | Aug 29, 2025 | A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely.… |
- risk 0.47cvss 7.2epss 0.01
A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit…
- risk 0.42cvss 6.5epss 0.01
A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The…
- risk 0.42cvss 6.5epss 0.01
The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn
- CVE-2026-1420Jan 26, 2026risk 0.00cvss —epss 0.04
A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be…
- CVE-2026-0640Jan 6, 2026risk 0.00cvss —epss 0.03
A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the…
- CVE-2025-15217Dec 30, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
- CVE-2025-15216Dec 30, 2025risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is…
- CVE-2025-12596Nov 2, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The…
- CVE-2025-12595Nov 2, 2025risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made…
- CVE-2025-11356Oct 7, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been…
- CVE-2025-10803Sep 22, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is…
- CVE-2025-9605Aug 29, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely.…
Page 2 of 2