| タイトル | Tenda G103 G103_V1.0.0.5 Command Injection |
|---|
| 説明 | A command injection vulnerability exists in the action_set_system_settings function of the system.lua file in Tenda G103 GPON optical network terminals. The vulnerability arises due to improper sanitization of the lanIp parameter, which is directly concatenated into system commands without validation. Authenticated attackers can exploit this to execute arbitrary system commands with root privileges, leading to full device compromise. |
|---|
| ソース | ⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/action_set_system_settings |
|---|
| ユーザー | n0ps1ed (UID 88889) |
|---|
| 送信 | 2026年03月16日 15:47 (20 日 ago) |
|---|
| モデレーション | 2026年04月01日 16:09 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 354669 [Tenda G103 1.0.0.5 Setting system.lua action_set_system_settings lanIp 特権昇格] |
|---|
| ポイント | 20 |
|---|