CVE-2026-38065
Deferred Deferred - Pending Action

Command Injection in Tenda 5G03 Router

Vulnerability report for CVE-2026-38065, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tenda 5g03 v05.03.02.04

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-38065 is a command injection vulnerability found in Tenda 5G03 devices running firmware version V05.03.02.04. The flaw exists in the function named action_ims_on_with_apn, specifically in how it handles the ims_apn parameter. This parameter is not properly sanitized, which means an attacker can inject arbitrary commands into the system by crafting a malicious ims_apn value.

For example, an attacker can send a specially crafted HTTP POST request containing a malicious ims_apn value such as ";touch /tmp/CLTaint_VULN_PROVED;". This causes the device to execute the injected command, potentially allowing unauthorized actions on the device.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary commands on the affected Tenda 5G03 device remotely. This can lead to unauthorized control over the device, potentially allowing the attacker to modify system files, disrupt device functionality, or use the device as a foothold for further attacks within the network.

Detection Guidance

This vulnerability can be detected by checking if the Tenda 5G03 device is running the vulnerable firmware version V05.03.02.04 and by testing if the ims_apn parameter in the action_ims_on_with_apn function is susceptible to command injection.

One way to detect exploitation is to look for the presence of the file /tmp/CLTaint_VULN_PROVED on the device, which can be created by sending a crafted HTTP POST request with a malicious ims_apn value such as ';touch /tmp/CLTaint_VULN_PROVED;'.

  • Send a crafted HTTP POST request to the vulnerable endpoint with ims_apn parameter set to a command injection payload, for example: ims_apn=;touch /tmp/CLTaint_VULN_PROVED;
  • Check the device filesystem for the presence of /tmp/CLTaint_VULN_PROVED to confirm successful command injection.
Mitigation Strategies

Immediate mitigation steps include updating the Tenda 5G03 device firmware to a version later than V05.03.02.04 where this vulnerability is fixed.

If an update is not immediately available, restrict access to the device's management interface to trusted networks only to prevent exploitation via crafted HTTP requests.

Monitor the device for any suspicious files or activities, such as unexpected files in /tmp/, which may indicate exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38065. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart