CVE-2026-5527

Summary

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible to initiate the attack remotely.

Affected Software

VendorProductVersion RangeStatus
Tenda4G03 Pro1.0affected
Tenda4G03 Pro1.0reaffected
Tenda4G03 Pro01.binaffected
Tenda4G03 Pro04.03.01.53affected

Weaknesses

  • CWE-321: Use of Hard-coded Cryptographic Key
  • CWE-320: Key Management Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References