Submeter #781131: Tenda G103 G103_V1.0.0.5 Command Injectioninformação

TítuloTenda G103 G103_V1.0.0.5 Command Injection
DescriçãoA command injection vulnerability exists in the action_set_system_settings function of the system.lua file in Tenda G103 GPON optical network terminals. The vulnerability arises due to improper sanitization of the lanIp parameter, which is directly concatenated into system commands without validation. Authenticated attackers can exploit this to execute arbitrary system commands with root privileges, leading to full device compromise.
Fonte⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/action_set_system_settings
Utilizador
 n0ps1ed (UID 88889)
Submissão16/03/2026 15h47 (há 20 dias)
Moderação01/04/2026 16h09 (16 days later)
EstadoAceite
Entrada VulDB354669 [Tenda G103 1.0.0.5 Setting system.lua action_set_system_settings lanIp Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!