CVE Catalog
CVE-2026-38061
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.45%
36th percentile — higher than 36% of all known CVEs
Summary
Tenda 5G03 version 5.03.02.04 (version 1.0) is vulnerable to command injection in the action_set_volume function via the volume parameter.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary commands on the device, potentially leading to full control over it.
Recommendation
It is recommended to update the device firmware to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.

