LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-32296

CVE-2026-32296 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 18, 2026

Sipeed NanoKVM - Broken Access Control

Published: March 17, 2026Updated: March 18, 2026Remote Exploitable

Overview

Sipeed NanoKVM < 2.3.1 contains an insecure Wi-Fi configuration endpoint caused by lack of proper security checks, letting unauthenticated attackers with network access change Wi-Fi settings or cause denial of service, exploit requires network access.

Severity & Score

Severity: High
CVSS Score: 8.2
EPSS Score: 5.4%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can change Wi-Fi settings or cause denial of service by exhausting system memory.

Mitigation

Update to version 2.3.1 or later.

References

Social Media Activity(5 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 17, 2026

šŸŸ  CVE-2026-32296 - High (8.2) Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32296/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 17, 2026

šŸŸ  CVE-2026-32296 - High (8.2) Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32296/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 17, 2026

šŸŸ  CVE-2026-32296 - High (8.2) Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32296/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 17, 2026

šŸŸ  CVE-2026-32296 - High (8.2) Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32296/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 17, 2026

šŸŸ  CVE-2026-32296 - High (8.2) Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-32296/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-32296
Severity
High
CVSS Score
8.2
Type
broken_access_control
Status
unconfirmed
EPSS
5.4%
Social Posts
5

CWE

  • CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Score

5.4%Probability of exploitation in the next 30 days