CVE-2026-5526

HIGH

Tenda 4G03 Pro httpd access control

Title source: cna

Description

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

References (4)

[Vdb Entry] https://vuldb.com/vuln/355279

[Signature, Permissions Required] https://vuldb.com/vuln/355279/cti

[Third Party Advisory] https://vuldb.com/submit/782052

[Product] https://www.tenda.com.cn/

Scores

CVSS v3 7.3

EPSS 0.0005

EPSS Percentile 15.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-266 CWE-284

Status published

Products (50)

Tenda/4G03 Pro 04.03.01.0

Tenda/4G03 Pro 04.03.01.1

Tenda/4G03 Pro 04.03.01.10

Tenda/4G03 Pro 04.03.01.11

Tenda/4G03 Pro 04.03.01.12

Tenda/4G03 Pro 04.03.01.13

Tenda/4G03 Pro 04.03.01.14

Tenda/4G03 Pro 04.03.01.15

Tenda/4G03 Pro 04.03.01.16

Tenda/4G03 Pro 04.03.01.17

... and 40 more

Published Apr 04, 2026

Tracked Since Apr 05, 2026