top of page
perceptive_background_267k.jpg

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_cry…

Published:

25 January 2026 at 23:00:00

Alert date:

26 January 2026 at 16:02:02

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure

A buffer overflow vulnerability has been discovered in Tenda AC23 firmware version 16.03.07.52. The flaw affects the WifiExtraSet function in the /goform/WifiExtraSet file through manipulation of the wpapsk_crypto argument. This vulnerability allows for remote exploitation and poses a significant security risk. The exploit code has been publicly released and is available for use by attackers. Organizations using affected Tenda AC23 devices should take immediate action to mitigate this vulnerability.

Technical details

Mitigation steps:

Affected products:

Tenda AC23

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-1420
https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md
https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc
https://vuldb.com/?ctiid.342836
https://vuldb.com/?id.342836
https://vuldb.com/?submit.736559
https://www.tenda.com.cn/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page