Command Injection Vulnerability in Tenda 5G03 Router By Tenda
CVE-2026-38060

9.8CRITICAL

Key Information:

Vendor: Tenda
Status: 5G03
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-38060?

The Tenda 5G03 router running version V05.03.02.04 is affected by a command injection vulnerability in the action_unlock_sim function. The issue arises from improper validation of user input through the pin parameter, allowing potential attackers to execute arbitrary commands on the device. This could lead to unauthorized access and manipulation of the router's functionalities.

References

https://github.com/sezangel/IOT-vul/tree/main/Tenda/5G03/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-38060 Data

JSON