CVE-2026-5339 | Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings command injection

A vulnerability was found in Tenda G103 1.0.0.5. It has been rated as critical. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection.

This vulnerability is cataloged as CVE-2026-5339. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-5339 | Tenda G103 1.0.0.5 Setting gpon.lua action_set_net_settings command injection

Post correlati

CVE-2025-4747 | Bohua NetDragon Firewall 1.0 ip_status.php subnet command injection

CVE-2023-6316 | MW WP Form Plugin up to 5.0.1 on WordPress unrestricted upload

CVE-2023-51796 | FFmpeg libavfilter/f_reverse.c areverse_request_frame buffer overflow (ID 10753)

CVE-2026-27101 | Dell Secure Connect Gateway up to 5.0/5.28.00.xx/5.32.00.xx path traversal (dsa-2026-020)