CNNVD-202601-4417 Information

Jan 26, 2026 cve

CNNVD ID

CNNVD-202601-4417

CVE-2026-1420

CNNVD Published: 2026-01-26

Description (Chinese)

Tenda AC23是中国腾达（Tenda）公司的一款双频千兆无线路由器。 Tenda AC23 16.03.07.52版本存在安全漏洞，该漏洞源于对文件/goform/WifiExtraSet中参数wpapsk_crypto的错误操作，可能导致缓冲区溢出。

Description (English)

Tenda AC23 is a dual-frequency, giga-wireless router of Tenda, China. There is a security loophole in version 16.03.07.52 of Tenda AC 23 16.03.52, which stems from an error in the application of the parameters Wpapsk crypto in the document/goform/WifiExtraSet, which could lead to a spilling of the buffer zone.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

腾达

Published

2026-01-26

Last Modified

2026-02-24

References

https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md https://vuldb.com/?id.342836 https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow_WifiExtraSet/Tenda%20AC23_Buffer_Overflow_WifiExtraSet.md#poc https://www.tenda.com.cn/ https://vuldb.com/?submit.736559 https://vuldb.com/?ctiid.342836 https://access.redhat.com/security/cve/cve-2026-1420

Share on: