CVE-2026-5339 is a command injection vulnerability identified in the Tenda G103 router firmware version 1.0.0.5. The vulnerability resides in the action_set_net_settings function of the gpon.lua script, which handles network settings configuration. Specifically, the vulnerability arises when an attacker manipulates input parameters such as authLoid, authLoidPassword, authPassword, authSerialNo, authType, oltType, usVlanId, and usVlanPriority. These parameters are not properly sanitized, allowing injection of arbitrary commands that the system executes. The attack vector is remote network access, and no user interaction is required. However, the attacker must have high privileges on the device (e.g., authenticated administrative access) to exploit this flaw. The vulnerability affects the confidentiality, integrity, and availability of the device, as arbitrary command execution can lead to unauthorized data access, configuration changes, or device disruption. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:H), no user interaction (UI:N), and partial impact on confidentiality, integrity, and availability. Although no public exploits are currently reported in the wild, the exploit code has been published, increasing the risk of future exploitation. No official patches or updates have been linked yet, so mitigation relies on network-level protections and restricting administrative access.

The vulnerability allows an attacker with high privileges to execute arbitrary commands remotely on affected Tenda G103 devices. This can lead to unauthorized disclosure of sensitive information, modification or deletion of configuration settings, and potential denial of service by disrupting device operations. For organizations relying on Tenda G103 routers, this could compromise network security, enabling lateral movement within internal networks or persistent backdoors. The impact extends to confidentiality, integrity, and availability of network infrastructure. Given the device's role in managing GPON settings, exploitation could affect broadband service stability and security. The public availability of exploit code increases the likelihood of attacks, especially in environments where firmware updates are delayed or administrative access is insufficiently protected. Although exploitation requires high privileges, compromised credentials or weak administrative controls could facilitate attacks. The medium CVSS score reflects moderate risk but should not be underestimated in critical network environments.

1. Immediately restrict administrative access to the Tenda G103 device by limiting management interfaces to trusted IP addresses and using strong authentication mechanisms. 2. Monitor network traffic for unusual command execution patterns or unauthorized configuration changes related to the affected parameters. 3. If possible, isolate the device from untrusted networks to reduce exposure to remote attacks. 4. Regularly audit and rotate administrative credentials to prevent unauthorized access. 5. Implement network segmentation to limit the impact of a compromised device. 6. Contact Tenda support or monitor official channels for firmware updates or patches addressing CVE-2026-5339 and apply them promptly once available. 7. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting command injection attempts on GPON management interfaces. 8. Consider deploying web application firewalls (WAF) or network access control (NAC) solutions to filter malicious payloads targeting the vulnerable parameters. 9. Educate network administrators about the risks and signs of exploitation to enable rapid incident response.