Tenda Ac23 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Ac23 Firmware.
By the Year
In 2026 there have been 2 vulnerabilities in Tenda Ac23 Firmware with an average score of 8.8 out of ten. Last year, in 2025 Ac23 Firmware had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Ac23 Firmware in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.19.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 8.80 |
| 2025 | 7 | 8.61 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 8 | 9.80 |
It may take a day or so for new Ac23 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Ac23 Firmware Security Vulnerabilities
Tenda AC23 v16.03.07.52 Buffer Overflow in /goform/WifiExtraSet wpapsk_crypto
CVE-2026-1420
8.8 - High
- January 26, 2026
A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Classic Buffer Overflow
Tenda AC23 16.03.07.52 Remote Buffer Overflow in sscanf via PowerSaveSet
CVE-2026-0640
8.8 - High
- January 06, 2026
A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Classic Buffer Overflow
A security flaw has been discovered in Tenda AC23 16.03.07.52
CVE-2025-15217
8.8 - High
- December 30, 2025
A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
Classic Buffer Overflow
A vulnerability was identified in Tenda AC23 16.03.07.52
CVE-2025-15216
8.8 - High
- December 30, 2025
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Stack Overflow
IoT router Tenda AC23 buffer overflow in saveParentControlInfo (v16.03.07.52)
CVE-2025-12596
8.8 - High
- November 02, 2025
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Classic Buffer Overflow
Tenda AC23 16.03.07.52 Buffer Overflow in formSetVirtualSer
CVE-2025-12595
8.8 - High
- November 02, 2025
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Classic Buffer Overflow
Tenda AC23 buffer overflow via sscanf in SetStaticRouteCfg, up to v16.03.07.52
CVE-2025-11356
8.8 - High
- October 07, 2025
A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Classic Buffer Overflow
Tenda AC23 16.03.07.52 RCE via httpd buffer overflow
CVE-2025-8060
8.8 - High
- July 23, 2025
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Buffer Overflow
Tenda AC23 16.03.07.52 API Interface /goform/VerAPIMant remote DoS
CVE-2025-3167
7.5 - High
- April 03, 2025
A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Improper Resource Shutdown or Release
Tenda AC23 stack overflow via schedStartTime (US_AC23V1.0re_V16.03.07.45_cn_TDC01)
CVE-2023-24334
- February 21, 2024
A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter.
Tenda AC23 V<16.03.07.45_cn: Stack Overflow in timeZone Param of fromSetSysTime
CVE-2022-43102
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.
Memory Corruption
Tenda AC23 V16.03.07.45_cn Stack Overflow in formSetQosBand
CVE-2022-43103
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function.
Memory Corruption
Tenda AC23 Stack Overflow in fromSetWirelessRepeat (wpapsk_crypto)
CVE-2022-43104
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
Memory Corruption
Tenda AC23 V16.03.07.45_cn stack overflow via shareSpeed param
CVE-2022-43105
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.
Memory Corruption
Stack overflow in Tenda AC23 V16.03.07.45_cn via firewallEn in setFirewallCfg
CVE-2022-43108
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
Memory Corruption
Tenda AC23 Stack Overflow via devName in formSetDeviceName (v16.03.07.45_cn)
CVE-2022-43101
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
Memory Corruption
Stack Overflow in Tenda AC23 via setSchedWifi (v16.03.07.45_cn)
CVE-2022-43106
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function.
Memory Corruption
Stack Overflow in setSmartPowerManagement on Tenda AC23 (V16.03.07.45_cn)
CVE-2022-43107
9.8 - Critical
- November 03, 2022
Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Ac23 Firmware or by Tenda? Click the Watch button to subscribe.
