Vulnerability Description
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tenda | G103 Firmware | 1.0.0.5 |
| Tenda | G103 | - |
Related Weaknesses (CWE)
References
- https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoidExploitThird Party Advisory
- https://vuldb.com/submit/781132Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781133Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781134Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781135Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781142Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781143Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781144Third Party AdvisoryVDB Entry
- https://vuldb.com/submit/781145Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/354670Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/354670/ctiPermissions RequiredVDB Entry
- https://www.tenda.com.cn/Product
FAQ
What is CVE-2026-5339?
CVE-2026-5339 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the...
How severe is CVE-2026-5339?
CVE-2026-5339 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5339?
Check the references section above for vendor advisories and patch information. Affected products include: Tenda G103 Firmware, Tenda G103.