| Title | Tenda G103 G103_V1.0.0.5 Command Injection |
|---|
| Description | A command injection vulnerability exists in the action_set_net_settings function within the gpon.lua file of Tenda G103 GPON optical network terminals. This vulnerability is triggered when the modeOption parameter is set to 2 or 3 (manual VLAN mode), allowing the oltType parameter to be passed to system commands without proper sanitization. Authenticated attackers can exploit this to execute arbitrary system commands with root privileges, leading to full device compromise. |
|---|
| Source | ⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/oltType |
|---|
| User | n0ps1ed (UID 88889) |
|---|
| Submission | 03/16/2026 15:50 (21 days ago) |
|---|
| Moderation | 04/01/2026 16:10 (16 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 354670 [Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings command injection] |
|---|
| Points | 0 |
|---|