| Title | Tenda G103 G103_V1.0.0.5 Command Injection |
|---|
| Description | A command injection vulnerability exists in the action_set_net_settings function within the gpon.lua file of Tenda G103 GPON optical network terminals. This vulnerability is triggered only when the modeOption parameter is set to 2 or 3 (manual VLAN mode), due to improper sanitization of the usVlanId parameter. The parameter is directly concatenated into system commands without validation, allowing authenticated attackers to execute arbitrary system commands with root privileges and potentially take full control of the device. |
|---|
| Source | ⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/usVlanId |
|---|
| User | n0ps1ed (UID 88889) |
|---|
| Submission | 03/16/2026 15:50 (17 days ago) |
|---|
| Moderation | 04/01/2026 16:10 (16 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 354670 [Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings command injection] |
|---|
| Points | 0 |
|---|