Home / Vulnerability Intelligence / CVE-2026-3400

CVE-2026-3400 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 2, 2026

Tenda AC15 - Buffer Overflow

Published: March 2, 2026Updated: March 2, 2026Remote Exploitable

Overview

Tenda AC15 <= 15.13.07.13 contains a stack-based buffer overflow caused by manipulation of the argument wpapsk_crypto2_4g in /goform/TextEditingConversion, letting remote attackers cause denial of service or execute code, exploit requires crafted request.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can cause denial of service or execute arbitrary code, potentially compromising the device.

Mitigation

Update to the latest available version beyond 15.13.07.13.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 2, 2026

🟠 CVE-2026-3400 - High (8.8) A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer o... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3400/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Offensive Sequence

@offseq

Mar 2, 2026

🛡️ CVE-2026-3400 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda AC15 routers (≤v15.13.07.13) allows unauthenticated remote code execution. PoC code is public. Restrict access & monitor for patches! https://radar.offseq.com/threat/cve-2026-3400-stack-based-buffer-overflow-in-tenda-c665b93a #OffSeq #Infosec #CVE #Vulnerability

View original post

Related Resources

Details

CVE ID: CVE-2026-3400
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: unconfirmed
EPSS: 4.6%
Social Posts: 2

CWE

CWE-119

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.6%Probability of exploitation in the next 30 days