Command Injection Vulnerability in Tenda G103 Router
CVE-2023-27079

7.5HIGH

Key Information:

Vendor: Tenda
Status: G103 Firmware
Vendor: CVE Published:; 23 March 2023

Summary

A command injection vulnerability has been identified in the Tenda G103 router version 1.0.05. This flaw allows malicious actors to execute arbitrary commands on the device, enabling the potential exposure of sensitive information. Attackers can exploit this vulnerability via specially crafted packages, which can compromise the integrity of the router and access confidential data. Users of affected versions are urged to apply security measures to protect their devices from potential exploitation.

References

https://github.com/B2eFly/Router/blob/main/Tenda/G103/2.md

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 23, 2023
Vulnerability Reserved
Feb 27, 2023