CVE-2026-5526

Summary

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Affected Software

VendorProductVersion RangeStatus
Tenda4G03 Pro1.0affected
Tenda4G03 Pro1.1affected
Tenda4G03 Pro04.03.01.0affected
Tenda4G03 Pro04.03.01.1affected
Tenda4G03 Pro04.03.01.2affected
Tenda4G03 Pro04.03.01.3affected
Tenda4G03 Pro04.03.01.4affected
Tenda4G03 Pro04.03.01.5affected
Tenda4G03 Pro04.03.01.6affected
Tenda4G03 Pro04.03.01.7affected
Tenda4G03 Pro04.03.01.8affected
Tenda4G03 Pro04.03.01.9affected
Tenda4G03 Pro04.03.01.10affected
Tenda4G03 Pro04.03.01.11affected
Tenda4G03 Pro04.03.01.12affected
Tenda4G03 Pro04.03.01.13affected
Tenda4G03 Pro04.03.01.14affected
Tenda4G03 Pro04.03.01.15affected
Tenda4G03 Pro04.03.01.16affected
Tenda4G03 Pro04.03.01.17affected
Tenda4G03 Pro04.03.01.18affected
Tenda4G03 Pro04.03.01.19affected
Tenda4G03 Pro04.03.01.20affected
Tenda4G03 Pro04.03.01.21affected
Tenda4G03 Pro04.03.01.22affected
Tenda4G03 Pro04.03.01.23affected
Tenda4G03 Pro04.03.01.24affected
Tenda4G03 Pro04.03.01.25affected
Tenda4G03 Pro04.03.01.26affected
Tenda4G03 Pro04.03.01.27affected
Tenda4G03 Pro04.03.01.28affected
Tenda4G03 Pro04.03.01.29affected
Tenda4G03 Pro04.03.01.30affected
Tenda4G03 Pro04.03.01.31affected
Tenda4G03 Pro04.03.01.32affected
Tenda4G03 Pro04.03.01.33affected
Tenda4G03 Pro04.03.01.34affected
Tenda4G03 Pro04.03.01.35affected
Tenda4G03 Pro04.03.01.36affected
Tenda4G03 Pro04.03.01.37affected
Tenda4G03 Pro04.03.01.38affected
Tenda4G03 Pro04.03.01.39affected
Tenda4G03 Pro04.03.01.40affected
Tenda4G03 Pro04.03.01.41affected
Tenda4G03 Pro04.03.01.42affected
Tenda4G03 Pro04.03.01.43affected
Tenda4G03 Pro04.03.01.44affected
Tenda4G03 Pro04.03.01.45affected
Tenda4G03 Pro04.03.01.46affected
Tenda4G03 Pro04.03.01.47affected
Tenda4G03 Pro04.03.01.48affected
Tenda4G03 Pro04.03.01.49affected
Tenda4G03 Pro04.03.01.50affected
Tenda4G03 Pro04.03.01.51affected
Tenda4G03 Pro04.03.01.52affected
Tenda4G03 Pro04.03.01.53affected
Tenda4G03 Pro192.168.0.0affected
Tenda4G03 Pro192.168.0.1affected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References