Submeter #781133: Tenda G103 G103_V1.0.0.5 Command Injectioninformação

TítuloTenda G103 G103_V1.0.0.5 Command Injection
DescriçãoA command injection vulnerability exists in the action_set_net_settings function within the gpon.lua file of Tenda G103 GPON optical network terminals. This vulnerability arises due to improper sanitization of the authLoidPassword parameter, which is directly concatenated into system commands without validation. Authenticated attackers can exploit this flaw to execute arbitrary system commands with root privileges, potentially leading to full device compromise.
Fonte⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoidPassword
Utilizador
 n0ps1ed (UID 88889)
Submissão16/03/2026 15h48 (há 24 dias)
Moderação01/04/2026 16h09 (16 days later)
EstadoDuplicado
Entrada VulDB354670 [Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings Elevação de Privilégios]
Pontos0

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!