CVE Catalog

CVE-2026-38065

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile — higher than 40% of all known CVEs

Summary

Tenda 5G03 version V05.03.02.04 (version 1.0) is vulnerable to command injection in the action_ims_on_with_apn function via the ims_apn parameter.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized command execution on the device, posing a serious security threat to the network.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS