Tenda AC23
Moderate fix1 remedy
cpe:2.3:h:tenda:ac23:*:*:*:*:*:*:*, +3 more
Moderate fix1 remedy
- V16.03.07.52
Tenda AC23 Buffer Overflow Vulnerability in WifiExtraSet Function
Vulnerability
A buffer overflow vulnerability has been identified in the Tenda AC23 router, specifically in the firmware version 16.03.07.52. The issue arises in the WifiExtraSet function, where insufficient boundary checks allow for the wpapsk_crypto parameter to be manipulated, leading to a buffer overflow. This vulnerability can be exploited remotely, causing a denial-of-service condition on the device.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the device to become unresponsive or to malfunction.
Reproduction
The vulnerability can be reproduced by sending a crafted HTTP POST request to the '/goform/WifiExtraSet' endpoint. The request must include a specially crafted value for the 'wpapsk_crypto' parameter, which triggers the buffer overflow. This can be done using a variety of tools that allow for HTTP request manipulation, such as Postman or curl.
Added: Jan 26, 2026, 6:19 AM
Updated: Jan 26, 2026, 6:19 AM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
9.1remediation
6.0relevance
2.3threat
6.4urgency
2.9incentive
8.3Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.