Submeter #781134: Tenda G103 G103_V1.0.0.5 Command Injectioninformação

TítuloTenda G103 G103_V1.0.0.5 Command Injection
DescriçãoA command injection vulnerability exists in the action_set_net_settings function within the gpon.lua file of Tenda G103 GPON optical network terminals. This vulnerability arises due to improper sanitization of the authPassword parameter, which is directly concatenated into system commands without validation. Authenticated attackers can exploit this flaw to execute arbitrary system commands with root privileges, potentially leading to full device compromise.
Fonte⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authPassword
Utilizador
 n0ps1ed (UID 88889)
Submissão16/03/2026 15h49 (há 24 dias)
Moderação01/04/2026 16h09 (16 days later)
EstadoDuplicado
Entrada VulDB354670 [Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings Elevação de Privilégios]
Pontos0

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!