CVE-2026-5339

EUVD-2026-18342
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
4.7 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoid
https://vuldb.com/submit/781132
https://vuldb.com/submit/781133
https://vuldb.com/submit/781134
https://vuldb.com/submit/781135
https://vuldb.com/submit/781142
https://vuldb.com/submit/781143
https://vuldb.com/submit/781144
https://vuldb.com/submit/781145
https://vuldb.com/vuln/354670
https://vuldb.com/vuln/354670/cti
https://www.tenda.com.cn/