CVE-2026-5339

MEDIUM

Tenda G103 Setting gpon.lua action_set_net_settings command injection

Title source: cna
STIX 2.1

Description

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

References (12)

Core 12
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-354670 | Tenda G103 Setting gpon.lua action_set_net_settings command injection
https://vuldb.com/vuln/354670
Signature, Permissions Required signature permissions-required
VDB-354670 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/354670/cti
Third Party Advisory third-party-advisory
Submit #781132 | Tenda G103 G103_V1.0.0.5 Command Injection
https://vuldb.com/submit/781132
Third Party Advisory third-party-advisory
Submit #781133 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781133
Third Party Advisory third-party-advisory
Submit #781134 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781134
Third Party Advisory third-party-advisory
Submit #781135 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781135
Third Party Advisory third-party-advisory
Submit #781142 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781142
Third Party Advisory third-party-advisory
Submit #781143 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781143
Third Party Advisory third-party-advisory
Submit #781144 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781144
Third Party Advisory third-party-advisory
Submit #781145 | Tenda G103 G103_V1.0.0.5 Command Injection (Duplicate)
https://vuldb.com/submit/781145
Product product
https://www.tenda.com.cn/

Scores

CVSS v3 4.7
EPSS 0.0570
EPSS Percentile 92.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-77
Status published
Products (2)
Tenda/G103 1.0.0.5
tenda/g103_firmware 1.0.0.5
Published Apr 02, 2026
Tracked Since Apr 02, 2026