CVE-2026-38064
Deferred Deferred - Pending Action

Command Injection in Tenda 5G03 Router

Vulnerability report for CVE-2026-38064, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tenda 5g03 v05.03.02.04
tenda 5g03 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-38064 is a command injection vulnerability found in the Tenda 5G03 router firmware version V05.03.02.04. It occurs in the function action_dial_call within the file /usr/lib/lua/luci/controller/admin/telephony.lua. The vulnerability arises because the dialNumber parameter is not properly sanitized, allowing an attacker to inject arbitrary shell commands.

An attacker can exploit this by sending a specially crafted HTTP POST request to the endpoint /cgi-bin/luci/admin/telephony/trigger_call_dial_constant with a malicious dialNumber value containing command injection payloads.

Successful exploitation can lead to unauthorized command execution on the router, potentially compromising its security.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands on the affected Tenda 5G03 router. This unauthorized command execution can lead to a full compromise of the router's security.

  • Attackers could gain control over the router, potentially intercepting or manipulating network traffic.
  • It may allow attackers to disrupt network services or use the router as a foothold for further attacks within the network.
  • Sensitive information stored or passing through the router could be exposed or altered.
Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable endpoint on the Tenda 5G03 router and observing if command injection is possible via the dialNumber parameter.

Specifically, you can test the endpoint `/cgi-bin/luci/admin/telephony/trigger_call_dial_constant` by sending a POST request with a malicious dialNumber value containing shell command payloads.

  • Use curl to send a test POST request with a payload that attempts command injection, for example: curl -X POST http://<router-ip>/cgi-bin/luci/admin/telephony/trigger_call_dial_constant -d "dialNumber=123;id"
  • If the response or router behavior indicates execution of the injected command (e.g., output of `id` command), the vulnerability is present.
Mitigation Strategies

To mitigate the command injection vulnerability in the Tenda 5G03 router firmware version V05.03.02.04, immediate steps include avoiding the use of the vulnerable function by not sending requests to the endpoint /cgi-bin/luci/admin/telephony/trigger_call_dial_constant with the dialNumber parameter.

Additionally, restrict access to the router's administrative interface to trusted networks only, and monitor for any suspicious activity that might indicate exploitation attempts.

If possible, apply any available firmware updates or patches provided by the vendor that address this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38064. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart