| 标题 | Tenda G103 G103_V1.0.0.5 Command Injection |
|---|
| 描述 | A command injection vulnerability exists in the action_set_net_settings function within the gpon.lua file of Tenda G103 GPON optical network terminals. This vulnerability is caused by improper sanitization of the authSerialNo parameter, which is directly concatenated into system commands without validation. Authenticated attackers can exploit this flaw to execute arbitrary system commands with root privileges, potentially leading to full device compromise. |
|---|
| 来源 | ⚠️ https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authSerialNo |
|---|
| 用户 | n0ps1ed (UID 88889) |
|---|
| 提交 | 2026-03-16 15時49分 (21 日前) |
|---|
| 管理 | 2026-04-01 16時09分 (16 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 354670 [Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings 权限提升] |
|---|
| 积分 | 0 |
|---|