Impact
A vulnerability exists in the Tenda 5G03 V05.03.02.04 firmware (Version 1.0) where the function action_dial_call accepts a dialNumber parameter without proper validation. An attacker can inject arbitrary operating‑system commands into this parameter, causing the router to execute them. If successful, the attacker could gain full control over the device, manipulate network traffic, or use the router as a pivot point for further attacks.
Affected Systems
The affected device is the Tenda 5G03 router running firmware V05.03.02.04 (Version 1.0). No other vendor or product information is provided.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity, and the EPSS score of 1.046% suggests a low likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is through the device’s exposed web or API interface where the dialNumber parameter is accepted, allowing remote code execution once an attacker submits a crafted request. No official patch is listed in the available data, so the risk remains if the firmware is not updated or mitigated.
OpenCVE Enrichment