Vulnerability Details CVE-2026-5339
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 5.8
References
- https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoid
- https://vuldb.com/submit/781132
- https://vuldb.com/submit/781133
- https://vuldb.com/submit/781134
- https://vuldb.com/submit/781135
- https://vuldb.com/submit/781142
- https://vuldb.com/submit/781143
- https://vuldb.com/submit/781144
- https://vuldb.com/submit/781145
- https://vuldb.com/vuln/354670
- https://vuldb.com/vuln/354670/cti
- https://www.tenda.com.cn/
Products affected by CVE-2026-5339
-
cpe:2.3:h:tenda:g103:-
-
cpe:2.3:o:tenda:g103_firmware:1.0.0.5