Description

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.

Related CPE's

o

tenda

ac23_firmware

16.03.07.52

Vulnerable

h

tenda

ac23

-

References

https://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1?source=copy_link

ExploitThird Party Advisory

https://vuldb.com/?ctiid.338602

Permissions RequiredVDB Entry

https://vuldb.com/?id.338602

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.725448

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Product

https://lavender-bicycle-a5a.notion.site/Tenda-AC23-formSetPPTPUserList-2d753a41781f8091b772cf9e66a687f1

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-119CWE-120

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T02:15:51.887Z

2 weeks ago

Last modified

2026-01-02T20:29:28.123Z

1 week ago