Cyber Posture

CVE-2026-5339

MediumPublic PoC

Published: 02 April 2026

Published
02 April 2026
Modified
06 April 2026
KEV Added
Patch
CVSS Score 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0022 44.4th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate…

more

the attack remotely. The exploit is now public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents command injection by requiring validation of vulnerable arguments (authLoid, authLoidPassword, etc.) passed to the action_set_net_settings function in gpon.lua.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and remediation of the specific command injection flaw in Tenda G103 firmware version 1.0.0.5.

RA-5 Vulnerability Monitoring and Scanning good match
detect

Enables detection of CVE-2026-5339 through vulnerability monitoring and scanning of the affected Setting Handler component.

Security SummaryAI

CVE-2026-5339 is a command injection vulnerability in Tenda G103 firmware version 1.0.0.5. The affected component is the Setting Handler, specifically the action_set_net_settings function in the gpon.lua file. The flaw arises from improper handling of arguments including authLoid, authLoidPassword, authPassword, authSerialNo, authType, oltType, usVlanId, and usVlanPriority, enabling injection of malicious commands.

Remote attackers with high privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants limited impacts on confidentiality, integrity, and availability, as reflected in the CVSS v3.1 base score of 4.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L). Associated CWEs are CWE-74 (Improper Neutralization of Special Elements) and CWE-77 (Command Injection).

VulDB entries (submissions 781132 through 781135) document the vulnerability, while a public exploit is available on GitHub at https://github.com/ZZ2266/.github.io/tree/main/Tenda%20G103/authLoid. No vendor patches or specific mitigation guidance are detailed in the references. The exploit is public and may be used in attacks.

Details

CWE(s)
CWE-74CWE-77

Affected Products

tenda
g103 firmware
1.0.0.5

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

Command injection vulnerability in network device firmware web handler directly enables Network Device CLI execution (T1059.008) and exploitation of a remote service (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References