CVE-2026-5526
Improper Access Control in Tenda 4G03 Pro HTTPD Allows Remote Exploitation
Publication date: 2026-04-04
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | 4g03_pro_firmware | 04.03.01.53 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw found in the Tenda 4G03 Pro device up to certain firmware versions. It involves an unknown functionality within the file /bin/httpd, where improper access controls allow unauthorized access. The flaw can be exploited remotely, meaning an attacker does not need physical access to the device to perform the attack. The exploit for this vulnerability has been publicly released, increasing the risk of attacks.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to bypass proper access controls on the affected device. This can lead to unauthorized access to the device's functions or data, potentially compromising the device's security and the network it is connected to. Since the exploit is publicly available, attackers can easily use it to gain access, which may result in data breaches, device manipulation, or disruption of services.