CVE-2026-0640: Buffer Overflow in Tenda AC23
A weakness has been identified in Tenda AC23 16.03.07.52. It affects the sscanf call reached through /goform/PowerSaveSet. Manipulating the Time argument can lead to a buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
AI Analysis
Technical Summary
CVE-2026-0640 is a buffer overflow vulnerability identified in the Tenda AC23 router firmware version 16.03.07.52. The issue arises because the /goform/PowerSaveSet endpoint passes the 'Time' argument to sscanf without proper input validation. An attacker can remotely send a specially crafted request to this endpoint, causing a buffer overflow condition. This overflow can corrupt memory, potentially allowing arbitrary code execution or causing the device to crash, leading to denial of service. The vulnerability requires no authentication or user interaction, making it highly exploitable over the network. The CVSS 4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges required. Although no active exploitation has been reported, a public exploit is available, increasing the urgency for mitigation. The vulnerability affects a widely used consumer and small business router model, which is often deployed in home and enterprise edge networks. The lack of an official patch at the time of disclosure necessitates immediate risk management and mitigation steps to prevent exploitation.
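The bug class described above, unbounded sscanf conversions applied to a request parameter, shown next to a bounded form. This is an added example, not Tenda firmware code or code from the advisory. The "HH:MM-HH:MM" layout of Time, the 8-byte buffer sizes, and the names power_window, parse_time_unbounded and parse_time_bounded are assumptions.

```c
/* Added illustration of the bug class; not Tenda firmware code.
 * Assumption: Time looks like "HH:MM-HH:MM" (format not given on the page). */
#include <stdio.h>
#include <string.h>

#define TIME_MAX_LEN 11                      /* strlen("HH:MM-HH:MM") */
struct power_window { int sh, sm, eh, em; }; /* hypothetical type */

/* WEAK: "%[^:]" and "%s" have no field width, so sscanf writes as many
 * bytes as the request supplies into the caller's 8-byte buffers.
 * Shown for comparison only; it is never called below. */
int parse_time_unbounded(const char *t, char sh[8], char sm[8],
                         char eh[8], char em[8]) {
    return sscanf(t, "%[^:]:%[^-]-%[^:]:%s", sh, sm, eh, em) == 4 ? 0 : -1;
}

/* HARDENED: cap the length before parsing, give every conversion a width,
 * check the conversion count, reject trailing bytes, range-check values. */
int parse_time_bounded(const char *t, struct power_window *w) {
    struct power_window v;
    int n = 0;
    if (t == NULL || w == NULL) return -1;
    if (memchr(t, '\0', TIME_MAX_LEN + 1) == NULL) return -1; /* too long */
    if (sscanf(t, "%2d:%2d-%2d:%2d%n", &v.sh, &v.sm, &v.eh, &v.em, &n) != 4)
        return -1;
    if (t[n] != '\0') return -1;             /* trailing bytes after the match */
    if (v.sh < 0 || v.sh > 23 || v.eh < 0 || v.eh > 23 ||
        v.sm < 0 || v.sm > 59 || v.em < 0 || v.em > 59) return -1;
    *w = v;                                  /* commit only a fully valid value */
    return 0;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "00:00-07:30", "23:59-24:00", "00:00-07:30AAAA",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    struct power_window w;
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-16.16s -> %s\n", samples[i],
               parse_time_bounded(samples[i], &w) == 0 ? "accepted" : "rejected");
    return 0;
}
```

If string fields are needed instead of integers, the width must be one less than the buffer size, for example "%7[^:]" for an 8-byte buffer, because sscanf appends the terminating NUL after the width-limited copy.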
Potential Impact
The exploitation of CVE-2026-0640 can have severe consequences for organizations and individuals using the Tenda AC23 router. Successful exploitation may allow attackers to execute arbitrary code remotely, potentially gaining control over the device. This can lead to interception or manipulation of network traffic, unauthorized access to internal networks, and pivoting to other systems. The buffer overflow can also cause device crashes, resulting in denial of service and network outages. Given the router's role as a gateway device, compromise can undermine the confidentiality, integrity, and availability of the entire network it protects. This risk extends to both home users and enterprises relying on this hardware for secure internet connectivity. The availability of a public exploit increases the likelihood of attacks, including automated scanning and exploitation campaigns. Organizations may face operational disruptions, data breaches, and reputational damage if the vulnerability is exploited.
Mitigation Recommendations
1. Immediate mitigation should focus on isolating affected Tenda AC23 devices from untrusted networks to reduce exposure.
2. Monitor network traffic for unusual requests targeting the /goform/PowerSaveSet endpoint, especially those containing suspicious 'Time' parameter values.
3. Apply network-level filtering or firewall rules to block access to the vulnerable endpoint from external sources.
4. Check for firmware updates or patches from Tenda regularly and apply them as soon as they become available.
5. If patches are not yet available, consider replacing vulnerable devices with alternative hardware from vendors with timely security support.
6. Implement network segmentation to limit the impact of a compromised router on internal systems.
7. Conduct regular vulnerability assessments and penetration testing to detect exploitation attempts.
8. Educate users and administrators about the risks and signs of compromise related to this vulnerability.
9. Employ intrusion detection/prevention systems (IDS/IPS) capable of detecting exploit attempts targeting this vulnerability.
10. Maintain robust backup and recovery procedures to restore network functionality in case of disruption.
Affected Countries
China, India, Russia, Brazil, Indonesia, Vietnam, Thailand, United States, Germany, United Kingdom, France, Italy, Spain, Mexico
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-06T09:07:14.569Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 695d2ca3326bcb029a2b303d
Added to database: 1/6/2026, 3:39:15 PM
Last enriched: 2/23/2026, 11:17:51 PM
Last updated: 3/25/2026, 5:40:30 AM