CVE-2023-33530

Published: Jun 6, 2023Modified: Jan 8, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.

Affected (1)

Products: Tenda: G103 Firmware

Tenda

1 product

G103 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda G103 Firmware	Version 1.0.0.5

Running on/with	Platform Versions
Tenda G103	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

http://tenda.com

Source: cve@mitre.org

Not Applicable

https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf

Source: cve@mitre.org

Broken Link

http://tenda.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/D2y6p/CVE/blob/main/tenda/CVE-2023-33530/RCE2/tenda_G103_RCE_2.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.