CVE-2026-3400:

Overview

A critical security vulnerability has been identified in certain versions of the Tenda AC15 wireless router. The flaw resides in a specific administrative function and can be exploited by a remote attacker to trigger a stack-based buffer overflow. This type of vulnerability allows an attacker to potentially take control of the affected device.

Vulnerability Details

In simple terms, the router’s web management interface contains a feature for configuring Wi-Fi settings. A particular parameter (wpapsk_crypto2_4g) sent to this interface is not properly checked for size. By sending an overly long, specially crafted request to the /goform/TextEditingConversion page, an attacker can overflow a memory buffer on the device’s stack. This corruption can crash the router or, more critically, allow the attacker to execute arbitrary code. The exploit for this vulnerability is publicly available, increasing the risk of active attacks.

Potential Impact

If successfully exploited, this vulnerability can have severe consequences:

• Remote Code Execution: An unauthenticated attacker on the same network (or potentially from the internet if remote administration is enabled) could gain full control of the router.
• Network Compromise: A compromised router can be used to intercept all internet traffic, redirect users to malicious sites, steal credentials, and attack other devices on the local network.
• Denial of Service: Attack attempts could cause the router to become unstable or crash, resulting in a loss of internet connectivity for all connected devices.

Remediation and Mitigation

Immediate action is required to protect affected networks.

Primary Action - Firmware Update:

1. Check your Tenda AC15 router’s firmware version via its web admin interface (typically http://192.168.0.1 or http://tendawifi.com).
2. If the firmware version is 15.13.07.13 or earlier, you are vulnerable.
3. Visit the official Tenda website support section, locate your AC15 model, and download the latest available firmware. Version 15.13.07.13_Multi is confirmed vulnerable; you must install a newer version.
4. Carefully follow the vendor’s instructions to upload and install the update.

Interim Mitigations (if update is not immediately possible):

• Disable WAN (Remote) Management: Ensure the router’s administrative interface is not accessible from the internet. This setting is usually found under “System Tools” or “Security” in the admin panel.
• Segment Networks: Place sensitive devices on a separate VLAN if your network infrastructure supports it, limiting the attack surface.
• Monitor for Anomalies: Watch for unexpected router reboots, configuration changes, or degraded performance.

After applying the firmware update, reboot the router to ensure the patch is fully active.