CVE-2026-5527
Hard-Coded ECDSA Key Vulnerability in Tenda 4G03 Pro
Publication date: 2026-04-05
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | 4g03_pro_firmware | 04.03.01.53 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Tenda 4G03 Pro device, specifically in the ECDSA P-256 Private Key Handler component. The issue is caused by the use of a hard-coded cryptographic key located in the file /etc/www/pem/server.key. Because the key is hard-coded, it can be exploited remotely by an attacker.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves the use of a hard-coded cryptographic key in the Tenda 4G03 Pro device, which can be exploited remotely. This weakness can potentially compromise the confidentiality of sensitive data protected by the device.
Using hard-coded cryptographic keys is generally considered a poor security practice and may lead to non-compliance with standards and regulations such as GDPR and HIPAA, which require adequate protection of personal and sensitive data.
However, the provided information does not explicitly state the direct impact on compliance with these regulations.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to exploit the hard-coded cryptographic key, potentially compromising the confidentiality of communications or data protected by this key. Since the key is fixed and known, attackers may be able to decrypt sensitive information or impersonate the device, leading to partial loss of confidentiality.