← volver
CVE-2026-5339

Tenda G103 Setting gpon.lua action_set_net_settings command injection

CVSS 5.1 MEDIUMEPSS 5.7%CWE-74CWE-77
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
Tenda · G103
PoCs públicas encontradas1
cve_referencegithub.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoidno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoidhttps://vuldb.com/submit/781132https://vuldb.com/submit/781133https://vuldb.com/submit/781134https://vuldb.com/submit/781135https://vuldb.com/submit/781142https://vuldb.com/submit/781143https://vuldb.com/submit/781144https://vuldb.com/submit/781145https://vuldb.com/vuln/354670https://vuldb.com/vuln/354670/ctihttps://www.tenda.com.cn/