Search
Find a vulnerability
Search criteria
4 vulnerabilities found for 4g03_pro_firmware by tenda
CVE-2026-5527 (GCVE-0-2026-5527)
Vulnerability from nvd – Published: 2026-04-04 23:15 – Updated: 2026-04-06 13:25
VLAI
Title
Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key
Summary
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key
. It is possible to initiate the attack remotely.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355280 | vdb-entry |
| https://vuldb.com/vuln/355280/cti | signaturepermissions-required |
| https://vuldb.com/submit/782053 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:25:37.832426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:25:49.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ECDSA P-256 Private Key Handler"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.0re"
},
{
"status": "affected",
"version": "01.bin"
},
{
"status": "affected",
"version": "04.03.01.53"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key\r . It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T23:15:12.490Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355280 | Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355280"
},
{
"name": "VDB-355280 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355280/cti"
},
{
"name": "Submit #782053 | Tenda 4G03 Pro V1.0 V04.03.01.53 Cryptographic Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782053"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5527",
"datePublished": "2026-04-04T23:15:12.490Z",
"dateReserved": "2026-04-04T06:20:03.869Z",
"dateUpdated": "2026-04-06T13:25:49.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5526 (GCVE-0-2026-5526)
Vulnerability from nvd – Published: 2026-04-04 22:15 – Updated: 2026-04-06 14:51
VLAI
Title
Tenda 4G03 Pro httpd access control
Summary
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355279 | vdb-entry |
| https://vuldb.com/vuln/355279/cti | signaturepermissions-required |
| https://vuldb.com/submit/782052 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | 4G03 Pro |
Affected:
1.0
Affected: 1.1 Affected: 04.03.01.0 Affected: 04.03.01.1 Affected: 04.03.01.2 Affected: 04.03.01.3 Affected: 04.03.01.4 Affected: 04.03.01.5 Affected: 04.03.01.6 Affected: 04.03.01.7 Affected: 04.03.01.8 Affected: 04.03.01.9 Affected: 04.03.01.10 Affected: 04.03.01.11 Affected: 04.03.01.12 Affected: 04.03.01.13 Affected: 04.03.01.14 Affected: 04.03.01.15 Affected: 04.03.01.16 Affected: 04.03.01.17 Affected: 04.03.01.18 Affected: 04.03.01.19 Affected: 04.03.01.20 Affected: 04.03.01.21 Affected: 04.03.01.22 Affected: 04.03.01.23 Affected: 04.03.01.24 Affected: 04.03.01.25 Affected: 04.03.01.26 Affected: 04.03.01.27 Affected: 04.03.01.28 Affected: 04.03.01.29 Affected: 04.03.01.30 Affected: 04.03.01.31 Affected: 04.03.01.32 Affected: 04.03.01.33 Affected: 04.03.01.34 Affected: 04.03.01.35 Affected: 04.03.01.36 Affected: 04.03.01.37 Affected: 04.03.01.38 Affected: 04.03.01.39 Affected: 04.03.01.40 Affected: 04.03.01.41 Affected: 04.03.01.42 Affected: 04.03.01.43 Affected: 04.03.01.44 Affected: 04.03.01.45 Affected: 04.03.01.46 Affected: 04.03.01.47 Affected: 04.03.01.48 Affected: 04.03.01.49 Affected: 04.03.01.50 Affected: 04.03.01.51 Affected: 04.03.01.52 Affected: 04.03.01.53 Affected: 192.168.0.0 Affected: 192.168.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:28:18.964474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:31.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "04.03.01.0"
},
{
"status": "affected",
"version": "04.03.01.1"
},
{
"status": "affected",
"version": "04.03.01.2"
},
{
"status": "affected",
"version": "04.03.01.3"
},
{
"status": "affected",
"version": "04.03.01.4"
},
{
"status": "affected",
"version": "04.03.01.5"
},
{
"status": "affected",
"version": "04.03.01.6"
},
{
"status": "affected",
"version": "04.03.01.7"
},
{
"status": "affected",
"version": "04.03.01.8"
},
{
"status": "affected",
"version": "04.03.01.9"
},
{
"status": "affected",
"version": "04.03.01.10"
},
{
"status": "affected",
"version": "04.03.01.11"
},
{
"status": "affected",
"version": "04.03.01.12"
},
{
"status": "affected",
"version": "04.03.01.13"
},
{
"status": "affected",
"version": "04.03.01.14"
},
{
"status": "affected",
"version": "04.03.01.15"
},
{
"status": "affected",
"version": "04.03.01.16"
},
{
"status": "affected",
"version": "04.03.01.17"
},
{
"status": "affected",
"version": "04.03.01.18"
},
{
"status": "affected",
"version": "04.03.01.19"
},
{
"status": "affected",
"version": "04.03.01.20"
},
{
"status": "affected",
"version": "04.03.01.21"
},
{
"status": "affected",
"version": "04.03.01.22"
},
{
"status": "affected",
"version": "04.03.01.23"
},
{
"status": "affected",
"version": "04.03.01.24"
},
{
"status": "affected",
"version": "04.03.01.25"
},
{
"status": "affected",
"version": "04.03.01.26"
},
{
"status": "affected",
"version": "04.03.01.27"
},
{
"status": "affected",
"version": "04.03.01.28"
},
{
"status": "affected",
"version": "04.03.01.29"
},
{
"status": "affected",
"version": "04.03.01.30"
},
{
"status": "affected",
"version": "04.03.01.31"
},
{
"status": "affected",
"version": "04.03.01.32"
},
{
"status": "affected",
"version": "04.03.01.33"
},
{
"status": "affected",
"version": "04.03.01.34"
},
{
"status": "affected",
"version": "04.03.01.35"
},
{
"status": "affected",
"version": "04.03.01.36"
},
{
"status": "affected",
"version": "04.03.01.37"
},
{
"status": "affected",
"version": "04.03.01.38"
},
{
"status": "affected",
"version": "04.03.01.39"
},
{
"status": "affected",
"version": "04.03.01.40"
},
{
"status": "affected",
"version": "04.03.01.41"
},
{
"status": "affected",
"version": "04.03.01.42"
},
{
"status": "affected",
"version": "04.03.01.43"
},
{
"status": "affected",
"version": "04.03.01.44"
},
{
"status": "affected",
"version": "04.03.01.45"
},
{
"status": "affected",
"version": "04.03.01.46"
},
{
"status": "affected",
"version": "04.03.01.47"
},
{
"status": "affected",
"version": "04.03.01.48"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.03.01.50"
},
{
"status": "affected",
"version": "04.03.01.51"
},
{
"status": "affected",
"version": "04.03.01.52"
},
{
"status": "affected",
"version": "04.03.01.53"
},
{
"status": "affected",
"version": "192.168.0.0"
},
{
"status": "affected",
"version": "192.168.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T22:15:14.338Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355279 | Tenda 4G03 Pro httpd access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355279"
},
{
"name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355279/cti"
},
{
"name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782052"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro httpd access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5526",
"datePublished": "2026-04-04T22:15:14.338Z",
"dateReserved": "2026-04-04T06:19:57.834Z",
"dateUpdated": "2026-04-06T14:51:31.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5527 (GCVE-0-2026-5527)
Vulnerability from cvelistv5 – Published: 2026-04-04 23:15 – Updated: 2026-04-06 13:25
VLAI
Title
Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key
Summary
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key
. It is possible to initiate the attack remotely.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355280 | vdb-entry |
| https://vuldb.com/vuln/355280/cti | signaturepermissions-required |
| https://vuldb.com/submit/782053 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:25:37.832426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:25:49.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"ECDSA P-256 Private Key Handler"
],
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.0re"
},
{
"status": "affected",
"version": "01.bin"
},
{
"status": "affected",
"version": "04.03.01.53"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key\r . It is possible to initiate the attack remotely."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T23:15:12.490Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355280 | Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355280"
},
{
"name": "VDB-355280 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355280/cti"
},
{
"name": "Submit #782053 | Tenda 4G03 Pro V1.0 V04.03.01.53 Cryptographic Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782053"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5527",
"datePublished": "2026-04-04T23:15:12.490Z",
"dateReserved": "2026-04-04T06:20:03.869Z",
"dateUpdated": "2026-04-06T13:25:49.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5526 (GCVE-0-2026-5526)
Vulnerability from cvelistv5 – Published: 2026-04-04 22:15 – Updated: 2026-04-06 14:51
VLAI
Title
Tenda 4G03 Pro httpd access control
Summary
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355279 | vdb-entry |
| https://vuldb.com/vuln/355279/cti | signaturepermissions-required |
| https://vuldb.com/submit/782052 | third-party-advisory |
| https://www.tenda.com.cn/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | 4G03 Pro |
Affected:
1.0
Affected: 1.1 Affected: 04.03.01.0 Affected: 04.03.01.1 Affected: 04.03.01.2 Affected: 04.03.01.3 Affected: 04.03.01.4 Affected: 04.03.01.5 Affected: 04.03.01.6 Affected: 04.03.01.7 Affected: 04.03.01.8 Affected: 04.03.01.9 Affected: 04.03.01.10 Affected: 04.03.01.11 Affected: 04.03.01.12 Affected: 04.03.01.13 Affected: 04.03.01.14 Affected: 04.03.01.15 Affected: 04.03.01.16 Affected: 04.03.01.17 Affected: 04.03.01.18 Affected: 04.03.01.19 Affected: 04.03.01.20 Affected: 04.03.01.21 Affected: 04.03.01.22 Affected: 04.03.01.23 Affected: 04.03.01.24 Affected: 04.03.01.25 Affected: 04.03.01.26 Affected: 04.03.01.27 Affected: 04.03.01.28 Affected: 04.03.01.29 Affected: 04.03.01.30 Affected: 04.03.01.31 Affected: 04.03.01.32 Affected: 04.03.01.33 Affected: 04.03.01.34 Affected: 04.03.01.35 Affected: 04.03.01.36 Affected: 04.03.01.37 Affected: 04.03.01.38 Affected: 04.03.01.39 Affected: 04.03.01.40 Affected: 04.03.01.41 Affected: 04.03.01.42 Affected: 04.03.01.43 Affected: 04.03.01.44 Affected: 04.03.01.45 Affected: 04.03.01.46 Affected: 04.03.01.47 Affected: 04.03.01.48 Affected: 04.03.01.49 Affected: 04.03.01.50 Affected: 04.03.01.51 Affected: 04.03.01.52 Affected: 04.03.01.53 Affected: 192.168.0.0 Affected: 192.168.0.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:28:18.964474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:31.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "4G03 Pro",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "04.03.01.0"
},
{
"status": "affected",
"version": "04.03.01.1"
},
{
"status": "affected",
"version": "04.03.01.2"
},
{
"status": "affected",
"version": "04.03.01.3"
},
{
"status": "affected",
"version": "04.03.01.4"
},
{
"status": "affected",
"version": "04.03.01.5"
},
{
"status": "affected",
"version": "04.03.01.6"
},
{
"status": "affected",
"version": "04.03.01.7"
},
{
"status": "affected",
"version": "04.03.01.8"
},
{
"status": "affected",
"version": "04.03.01.9"
},
{
"status": "affected",
"version": "04.03.01.10"
},
{
"status": "affected",
"version": "04.03.01.11"
},
{
"status": "affected",
"version": "04.03.01.12"
},
{
"status": "affected",
"version": "04.03.01.13"
},
{
"status": "affected",
"version": "04.03.01.14"
},
{
"status": "affected",
"version": "04.03.01.15"
},
{
"status": "affected",
"version": "04.03.01.16"
},
{
"status": "affected",
"version": "04.03.01.17"
},
{
"status": "affected",
"version": "04.03.01.18"
},
{
"status": "affected",
"version": "04.03.01.19"
},
{
"status": "affected",
"version": "04.03.01.20"
},
{
"status": "affected",
"version": "04.03.01.21"
},
{
"status": "affected",
"version": "04.03.01.22"
},
{
"status": "affected",
"version": "04.03.01.23"
},
{
"status": "affected",
"version": "04.03.01.24"
},
{
"status": "affected",
"version": "04.03.01.25"
},
{
"status": "affected",
"version": "04.03.01.26"
},
{
"status": "affected",
"version": "04.03.01.27"
},
{
"status": "affected",
"version": "04.03.01.28"
},
{
"status": "affected",
"version": "04.03.01.29"
},
{
"status": "affected",
"version": "04.03.01.30"
},
{
"status": "affected",
"version": "04.03.01.31"
},
{
"status": "affected",
"version": "04.03.01.32"
},
{
"status": "affected",
"version": "04.03.01.33"
},
{
"status": "affected",
"version": "04.03.01.34"
},
{
"status": "affected",
"version": "04.03.01.35"
},
{
"status": "affected",
"version": "04.03.01.36"
},
{
"status": "affected",
"version": "04.03.01.37"
},
{
"status": "affected",
"version": "04.03.01.38"
},
{
"status": "affected",
"version": "04.03.01.39"
},
{
"status": "affected",
"version": "04.03.01.40"
},
{
"status": "affected",
"version": "04.03.01.41"
},
{
"status": "affected",
"version": "04.03.01.42"
},
{
"status": "affected",
"version": "04.03.01.43"
},
{
"status": "affected",
"version": "04.03.01.44"
},
{
"status": "affected",
"version": "04.03.01.45"
},
{
"status": "affected",
"version": "04.03.01.46"
},
{
"status": "affected",
"version": "04.03.01.47"
},
{
"status": "affected",
"version": "04.03.01.48"
},
{
"status": "affected",
"version": "04.03.01.49"
},
{
"status": "affected",
"version": "04.03.01.50"
},
{
"status": "affected",
"version": "04.03.01.51"
},
{
"status": "affected",
"version": "04.03.01.52"
},
{
"status": "affected",
"version": "04.03.01.53"
},
{
"status": "affected",
"version": "192.168.0.0"
},
{
"status": "affected",
"version": "192.168.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T22:15:14.338Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355279 | Tenda 4G03 Pro httpd access control",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355279"
},
{
"name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355279/cti"
},
{
"name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782052"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:25:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda 4G03 Pro httpd access control"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5526",
"datePublished": "2026-04-04T22:15:14.338Z",
"dateReserved": "2026-04-04T06:19:57.834Z",
"dateUpdated": "2026-04-06T14:51:31.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}