Details of VAR-202604-0974

ID

VAR-202604-0974

CVE

CVE-2026-5338

DESCRIPTION

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Trust: 1.0

sources: NVD: CVE-2026-5338

AFFECTED PRODUCTS

vendor:

tenda

model:

g103

scope:

version:

1.0.0.5

Trust: 1.0

sources: NVD: CVE-2026-5338

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-5338
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2026-5338
value:	HIGH
Trust: 1.0

cna@vuldb.com:	CVE-2026-5338
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

cna@vuldb.com:	CVE-2026-5338
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-5338
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2026-5338 // NVD: CVE-2026-5338

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0

sources: NVD: CVE-2026-5338

EXTERNAL IDS

db:

NVD

id:

CVE-2026-5338

Trust: 1.0

sources: NVD: CVE-2026-5338

REFERENCES

url:	https://www.tenda.com.cn/	Trust: 1.0
url:	https://vuldb.com/vuln/354669/cti	Trust: 1.0
url:	https://vuldb.com/vuln/354669	Trust: 1.0
url:	https://vuldb.com/submit/781131	Trust: 1.0
url:	https://github.com/zz2266/.github.io/tree/main/tenda%20g103/action_set_system_settings	Trust: 1.0

sources: NVD: CVE-2026-5338

SOURCES

db:

NVD

id:

CVE-2026-5338

LAST UPDATE DATE

2026-04-08T23:58:20.323000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2026-5338

date:

2026-04-07T15:42:43.130

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2026-5338

date:

2026-04-02T14:16:37.403