Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Analysis (AI)
Command injection in Tenda G103 1.0.0.5 setting handler allows high-privilege remote attackers to execute arbitrary commands via manipulation of multiple GPON authentication parameters (authLoid, authLoidPassword, authPassword, authSerialNo, authType, oltType, usVlanId, usVlanPriority) in the gpon.lua component. Publicly available exploit code exists, though the CVSS:3.1/AV:N/AC:L/PR:H vector indicates attacks require high administrative privileges and deliver limited impact (confidentiality, integrity, availability each L). …
Vulnerability Assessment (AI)
| Risk Assessment | The CVSS score of 4.7 reflects a moderate-to-low severity profile: the attack vector is network-accessible (AV:N) with low complexity (AC:L), but critically requires high privileges (PR:H, authenticated admin-level access) and yields only partial impact across confidentiality, integrity, and availability (all L). … |
| Exploit Scenario | An attacker with valid high-privilege (admin) credentials to a Tenda G103 device could craft a POST or GET request to the gpon.lua setting handler's action_set_net_settings function, injecting shell metacharacters (e.g., semicolons, pipes, backticks) into the authLoid or usVlanId parameter. The unvalidated input is executed by the device's system shell, allowing the attacker to run arbitrary commands with device privileges, for example exfiltrating configuration data, modifying firewall rules, or establishing persistence. … |
| Remediation | No vendor-released patch or fixed version has been identified in the provided data. … |
EUVD-2026-18342
GHSA-7g3h-f8vq-89vv