CVE-2026-5527

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tenda 4G03 Pro versions 1.0/1.0re/01.bin/04.03.01.53

Description A weakness exists due to the use of a hard-coded cryptographic key within the ECDSA P-256 Private Key Handler functionality associated with the file /etc/www/pem/server.key. This issue can be exploited remotely.

Recommendations Update to a newer version that addresses this issue. As a temporary workaround, restrict access to the /etc/www/pem/server.key file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-320

Related Identifiers

CVE-2026-5527

Affected Products

Tenda 4G03 Pro

CVE-2026-5527

Weakness Enumeration

Related Identifiers

Affected Products

References · 9