CVE-2026-38060
Deferred Deferred - Pending Action

Command Injection in Tenda 5G03 Router

Vulnerability report for CVE-2026-38060, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenda 5g03 v05.03.02.04

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-38060 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The CVE-2026-38060 vulnerability affects the Tenda 5G03 router with firmware version V05.03.02.04. It is a command injection flaw in the function action_unlock_sim, specifically in the pin parameter.

This function, located in the router's Lua controller script, does not properly sanitize the pin input, allowing an attacker to inject malicious commands.

By sending a specially crafted request to the router's /cgi-bin/luci/admin/telephony/trigger_sim_unlock endpoint with a manipulated pin value, an attacker can execute arbitrary commands on the device.

Exploitation requires valid session cookies, but once exploited, it can lead to unauthorized command execution on the router.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary commands on the affected Tenda 5G03 router.

Such unauthorized command execution can lead to compromise of the router, including potential control over network traffic, disruption of services, or further attacks on connected devices.

Because the attacker needs valid session cookies, the risk depends on the attacker's ability to obtain or guess these credentials.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP request to the router's vulnerable endpoint and checking for the creation of a specific file that indicates successful command injection.

Specifically, an attacker can send a request to the `/cgi-bin/luci/admin/telephony/trigger_sim_unlock` endpoint with a specially formatted `pin` parameter that injects a command to create a file named `/tmp/UNLOCK_SIM_VULN_PROVED`.

  • Use a tool like curl to send a POST request with the injected payload in the `pin` parameter, for example: `pin=1234"; touch /tmp/UNLOCK_SIM_VULN_PROVED; #`.
  • Check the device's `/tmp` directory for the presence of the file `UNLOCK_SIM_VULN_PROVED` to confirm vulnerability.

Note that successful exploitation requires valid session cookies, so authentication to the router's web interface is necessary.

Mitigation Strategies

To mitigate the CVE-2026-38060 vulnerability in the Tenda 5G03 router, immediate steps include restricting access to the router's web interface, especially the /cgi-bin/luci/admin/telephony/trigger_sim_unlock endpoint.

Ensure that only trusted users have valid session cookies and credentials to prevent unauthorized command injection via the pin parameter.

If possible, disable or restrict the telephony feature or the vulnerable function until a firmware update or patch is available.

Monitor the device for any unusual files or behavior, such as the creation of unexpected files like /tmp/UNLOCK_SIM_VULN_PROVED, which could indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart