Description

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.

Related CPE's

o

tenda

g103_firmware

1.0.0.5

Vulnerable

h

tenda

g103

-

References

http://tenda.com

Not Applicable

https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf

Broken Link

http://tenda.com

Not Applicable

https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf

Broken Link

Weaknesses

[email protected]

Primary
CWE-77

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-06-06T13:15:15.900

1 year ago

Last modified

2025-01-08T16:15:30.037

4 months ago