PT-2023-3103 · Tenda · Tenda G103 Gigabit Gpon Terminal
Published
2023-05-22
·
Updated
2025-01-08
·
CVE-2023-33530
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda G103 Gigabit GPON Terminal version V1.0.0.5
Description
The issue is related to a lack of input data sanitization, which can be exploited by an attacker to elevate privileges and execute arbitrary commands. If an attacker gains web management privileges, they can inject commands to gain shell privileges.
Recommendations
For Tenda G103 Gigabit GPON Terminal version V1.0.0.5, consider restricting web management privileges to minimize the risk of exploitation. As a temporary workaround, limit the ability to inject commands until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda G103 Gigabit Gpon Terminal