CVE-2026-5338

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda G103 version 1.0.0.5

Description A security issue exists in Tenda G103 version 1.0.0.5. Manipulation of the lanIp argument within the action set system settings function in the system.lua file of the Setting Handler component can lead to command injection. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-5338

Affected Products

Tenda G103

CVE-2026-5338

Weakness Enumeration

Related Identifiers

Affected Products

References · 7