CVE-2023-33530

HIGH

Tenda G103 Firmware V1.0.0.5 - Authenticated Command Injection

Title source: llm

Description

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.

References (2)

Core 2

Core References

Not Applicable

http://tenda.com

Broken Link

https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf

Scores

CVSS v3 8.8

EPSS 0.0100

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

tenda/g103_firmware 1.0.0.5

Published Jun 06, 2023

Tracked Since Feb 18, 2026