Impact
Tenda 5G03 routers running firmware V05.03.02.04 (Version 1.0) contain a command‑injection vulnerability in the action_radio_on_with_ia_apn function. The flaw allows an adversary to inject arbitrary shell commands through the ia parameter, causing the operating system to execute those commands. Because the affected function is mapped to CWE‑78, the impact is remote command execution that can compromise the entire device, exposing confidentiality, integrity, and availability.
Affected Systems
Products affected are Tenda 5G03 routers with firmware V05.03.02.04 (Version 1.0). No other vendors or versions are documented in the CVE entry.
Risk and Exploitability
The CVSS score of 9.8 indicates a high potential for exploitation, and the EPSS score of 1% shows a low probability of widespread attacks at this time. The lack of a KEV listing does not reduce the inherent risk for exposed devices. Based on the description, it is inferred that the action_radio_on_with_ia_apn function is reachable through an HTTP request, and that an attacker can deliver malicious input via the ia parameter without requiring authentication. Exploiting the flaw would allow the attacker to run arbitrary operating‑system commands with router privileges, potentially leading to full device compromise.
OpenCVE Enrichment