Enviar #781132: Tenda G103 G103_V1.0.0.5 Command Injectioninformación

TítuloTenda G103 G103_V1.0.0.5 Command Injection
DescripciónA command injection vulnerability exists in the action_set_net_settings function within the gpon.lua file of Tenda G103 GPON optical network terminals. This vulnerability is caused by improper sanitization of the authLoid parameter, which is directly concatenated into system commands without validation. Authenticated attackers can exploit this flaw to execute arbitrary system commands with root privileges, potentially leading to full device compromise.
Fuente⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoid
Usuario
 n0ps1ed (UID 88889)
Sumisión2026-03-16 15:47 (hace 21 días)
Moderación2026-04-01 16:09 (16 days later)
EstadoAceptado
Entrada de VulDB354670 [Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!