Detections
Analytics

CVE-2026-5338

medium

Description

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

References

https://www.tenda.com.cn/

https://vuldb.com/vuln/354669/cti

https://vuldb.com/vuln/354669

https://vuldb.com/submit/781131

https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/action_set_system_settings

Details

Source: Mitre, NVD

Published: 2026-04-02

Updated: 2026-04-02

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium