CVE-2026-38063
Deferred - Pending Action
Command Injection in Tenda 5G03 Router

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE

Vendor: tenda
Product: 5g03
Version / Range: V05.03.02.04
CWE ID: CWE-UNKNOWN
Executive Summary

The CVE-2026-38063 vulnerability affects the Tenda 5G03 router with firmware version V05.03.02.04. It is a command injection vulnerability located in the function action_radio_on_with_ia_apn, specifically due to improper sanitization of the ia parameter.

An attacker can exploit this vulnerability by sending a specially crafted POST request to the endpoint /cgi-bin/luci/admin/telephony/trigger_set_radio_on_with_ia with a malicious ia parameter. This allows the attacker to execute arbitrary commands on the router.

Impact Analysis

Successful exploitation of this vulnerability grants an attacker the ability to run arbitrary commands on the affected Tenda 5G03 router. This can lead to unauthorized control over the device, potentially allowing the attacker to manipulate router settings, intercept or redirect network traffic, install malicious software, or disrupt network operations.

Detection Guidance

This vulnerability can be detected by attempting to exploit the command injection in the ia parameter of the vulnerable endpoint. Specifically, sending a crafted POST request to the endpoint /cgi-bin/luci/admin/telephony/trigger_set_radio_on_with_ia with a malicious ia parameter can confirm the presence of the vulnerability.

  • Send a POST request with the payload `ia="any_ia"; touch /tmp/RADIO_IA_VULN_PROVED; #` to the URL `/cgi-bin/luci/admin/telephony/trigger_set_radio_on_with_ia`.
  • Check if the file `/tmp/RADIO_IA_VULN_PROVED` is created on the device, which indicates successful command injection.

Mitigation Strategies

To mitigate the CVE-2026-38063 vulnerability in the Tenda 5G03 router, immediate steps include avoiding exposure of the vulnerable endpoint to untrusted networks and restricting access to the router's administrative interface.

Specifically, do not send or allow POST requests to the endpoint `/cgi-bin/luci/admin/telephony/trigger_set_radio_on_with_ia` with untrusted input in the `ia` parameter, as it is vulnerable to command injection.

If possible, disable remote administration or restrict it to trusted IP addresses only.

Monitor the device for any suspicious files or commands, such as the presence of `/tmp/RADIO_IA_VULN_PROVED`, which indicates exploitation.

Finally, check for firmware updates or patches from the vendor that address this vulnerability and apply them as soon as they become available.
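
Until a fixed firmware is available, the restriction on untrusted `ia` input described above can be enforced at a filtering proxy placed in front of the administrative interface. The following is an added example, not vendor code or code from this advisory; the allowlist for APN characters, the `;stok=` path handling and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/cgi-bin/luci/admin/telephony/trigger_set_radio_on_with_ia"
# Assumption: a legitimate IA APN holds only letters, digits, dots and hyphens.
APN_OK = re.compile(r"[A-Za-z0-9.-]{1,100}")
# Assumption: LuCI may carry a session token as a ";stok=..." path segment.
STOK = re.compile(r"/;stok=[^/]*")


def inspect_request(method, url, body):
    """Return "allow" or "block: <reason>" for one HTTP request."""
    path = STOK.sub("", urlsplit(url).path).rstrip("/")
    if method.upper() != "POST" or path != ENDPOINT:
        return "allow"  # not the affected handler
    # parse_qs percent-decodes, so encoded metacharacters are checked too.
    values = parse_qs(body, keep_blank_values=True).get("ia", [])
    if len(values) != 1:
        return "block: ia missing or repeated"
    if not APN_OK.fullmatch(values[0]):
        return "block: ia outside APN allowlist"
    return "allow"


# Constructed sample requests (method, URL, form body); not captured traffic.
SAMPLES = [
    ("POST", ENDPOINT, "ia=internet.example-apn"),
    ("POST", ENDPOINT,
     "ia=%22any_ia%22%3B+touch+%2Ftmp%2FRADIO_IA_VULN_PROVED%3B+%23"),
    ("POST",
     "/cgi-bin/luci/;stok=0123abcd/admin/telephony/trigger_set_radio_on_with_ia",
     "ia=a%0Ab"),
    ("POST", ENDPOINT, "ia=apn1&ia=apn2"),
    ("GET", "/cgi-bin/luci/admin/status", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, "->", inspect_request(method, url, body))
```

Validating against an allowlist rather than searching for known shell metacharacters means quotes, semicolons, newlines and any other unexpected byte are rejected by the same rule.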
