Sign-up

ID

VAR-202604-3188


CVE

CVE-2026-7469


TITLE

Shenzhen Tenda Technology Co.,Ltd. of 4g300  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288

DESCRIPTION

A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The exploit has already been publicly disclosed and is at risk of being exploited.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-7469 // JVNDB: JVNDB-2026-014288

AFFECTED PRODUCTS

vendor:tendamodel:4g300scope:eqversion:1.01.42_cn_tdc01

Trust: 1.0

vendor:tendamodel:4g300scope:eqversion: -

Trust: 0.8

vendor:tendamodel:4g300scope:eqversion:4g300 firmware 1.01.42_cn_tdc01

Trust: 0.8

vendor:tendamodel:4g300scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288 // NVD: CVE-2026-7469

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-7469
value: LOW

Trust: 1.0

OTHER: JVNDB-2026-014288
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2026-7469
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-014288
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-7469
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-014288
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288 // NVD: CVE-2026-7469

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype:injection (CWE-74) [ others ]

Trust: 0.8

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288 // NVD: CVE-2026-7469

PATCH

title:httpsurl:https://vuldb.com/submit/804268

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288

EXTERNAL IDS

db:NVDid:CVE-2026-7469

Trust: 2.6

db:JVNDBid:JVNDB-2026-014288

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288 // NVD: CVE-2026-7469

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/vuln/360205/cti

Trust: 1.0

url:https://vuldb.com/submit/804268

Trust: 1.0

url:https://github.com/axelioc/cve/blob/main/tenda/us_4g300/sub_425a28/sub_425a28.md

Trust: 1.0

url:https://vuldb.com/vuln/360205

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-7469

Trust: 0.8

sources: JVNDB: JVNDB-2026-014288 // NVD: CVE-2026-7469

SOURCES

db:JVNDBid:JVNDB-2026-014288
db:NVDid:CVE-2026-7469

LAST UPDATE DATE

2026-06-19T23:31:45.597000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-014288date:2026-05-07T03:27:00
db:NVDid:CVE-2026-7469date:2026-04-30T20:41:35.710

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-014288date:2026-05-07T00:00:00
db:NVDid:CVE-2026-7469date:2026-04-30T02:16:06.967