Details of VAR-202604-0974

ID

VAR-202604-0974

CVE

CVE-2026-5338

TITLE

Shenzhen Tenda Technology Co.,Ltd. of g103 Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010314

DESCRIPTION

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The affected parts are components. The exploit has been exposed and is at risk of being exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-5338 // JVNDB: JVNDB-2026-010314

AFFECTED PRODUCTS

vendor:	tenda	model:	g103	scope:	eq	version:	1.0.0.5	Trust: 1.0
vendor:	tenda	model:	g103	scope:	eq	version:	g103 firmware 1.0.0.5	Trust: 0.8
vendor:	tenda	model:	g103	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	g103	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-010314 // NVD: CVE-2026-5338

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-5338
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2026-5338
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-010314
value:	HIGH
Trust: 0.8

cna@vuldb.com:	CVE-2026-5338
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-010314
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-5338
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-5338
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2026-010314
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-010314 // NVD: CVE-2026-5338 // NVD: CVE-2026-5338

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	CWE-77	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [NVD evaluation ]	Trust: 0.8
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-010314 // NVD: CVE-2026-5338

PATCH

title:

//vuldb.com/vuln/354669

url:

https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/action_set_system_settings

Trust: 0.8

sources: JVNDB: JVNDB-2026-010314

EXTERNAL IDS

db:	NVD	id:	CVE-2026-5338	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-010314	Trust: 0.8

sources: JVNDB: JVNDB-2026-010314 // NVD: CVE-2026-5338

REFERENCES

url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://vuldb.com/vuln/354669/cti	Trust: 1.0
url:	https://vuldb.com/vuln/354669	Trust: 1.0
url:	https://vuldb.com/submit/781131	Trust: 1.0
url:	https://github.com/zz2266/.github.io/tree/main/tenda%20g103/action_set_system_settings	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-5338	Trust: 0.8

sources: JVNDB: JVNDB-2026-010314 // NVD: CVE-2026-5338

SOURCES

db:	JVNDB	id:	JVNDB-2026-010314
db:	NVD	id:	CVE-2026-5338

LAST UPDATE DATE

2026-04-10T23:50:37.355000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-010314	date:	2026-04-09T01:41:00
db:	NVD	id:	CVE-2026-5338	date:	2026-04-07T15:42:43.130

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-010314	date:	2026-04-09T00:00:00
db:	NVD	id:	CVE-2026-5338	date:	2026-04-02T14:16:37.403