CVE-2023-33530Command Injection in G103 Firmware

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 23.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda G103 Firmware
Timeline
PublishedJun 6

Description

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDtenda/g103_firmware1.0.0.5

🔴Vulnerability Details

2
CVEList
CVE-2023-33530: There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V12023-06-06
GHSA
GHSA-fxgg-2q7q-95wx: There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V12023-06-06
CVE-2023-33530 — Command Injection in Tenda | cvebase