Sign-up

ID

VAR-202604-0191


CVE

CVE-2026-5339


TITLE

Shenzhen Tenda Technology Co.,Ltd. of g103  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182

DESCRIPTION

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The affected component is... The attack code is currently public and could be exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5339 // JVNDB: JVNDB-2026-010182

AFFECTED PRODUCTS

vendor:tendamodel:g103scope:eqversion:1.0.0.5

Trust: 1.0

vendor:tendamodel:g103scope:eqversion:g103 firmware 1.0.0.5

Trust: 0.8

vendor:tendamodel:g103scope: - version: -

Trust: 0.8

vendor:tendamodel:g103scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182 // NVD: CVE-2026-5339

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-5339
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-5339
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-010182
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-5339
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-010182
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-5339
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-5339
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-010182
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182 // NVD: CVE-2026-5339 // NVD: CVE-2026-5339

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182 // NVD: CVE-2026-5339

PATCH

title://vuldb.com/submit/781145url:https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoid

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182

EXTERNAL IDS

db:NVDid:CVE-2026-5339

Trust: 2.6

db:JVNDBid:JVNDB-2026-010182

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182 // NVD: CVE-2026-5339

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/submit/781133

Trust: 1.0

url:https://vuldb.com/vuln/354670/cti

Trust: 1.0

url:https://vuldb.com/submit/781143

Trust: 1.0

url:https://vuldb.com/vuln/354670

Trust: 1.0

url:https://vuldb.com/submit/781132

Trust: 1.0

url:https://vuldb.com/submit/781142

Trust: 1.0

url:https://vuldb.com/submit/781145

Trust: 1.0

url:https://github.com/zz2266/.github.io/tree/main/tenda%20g103/authloid

Trust: 1.0

url:https://vuldb.com/submit/781134

Trust: 1.0

url:https://vuldb.com/submit/781144

Trust: 1.0

url:https://vuldb.com/submit/781135

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-5339

Trust: 0.8

sources: JVNDB: JVNDB-2026-010182 // NVD: CVE-2026-5339

SOURCES

db:JVNDBid:JVNDB-2026-010182
db:NVDid:CVE-2026-5339

LAST UPDATE DATE

2026-04-08T23:57:57.144000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-010182date:2026-04-08T01:52:00
db:NVDid:CVE-2026-5339date:2026-04-06T16:07:38.257

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-010182date:2026-04-08T00:00:00
db:NVDid:CVE-2026-5339date:2026-04-02T15:16:53.080