PatchSiren cyber security CVE debrief
CVE-2026-38061 Tenda CVE debrief
CVE-2026-38061 is a command injection vulnerability in the Tenda 5G03 V05.03.02.04 (Version 1.0). The vulnerability exists in the function action_set_volume via the volume parameter. This CVE was published on [cvePublishedAt]2026-06-15T20:16:26.483Z[/cvePublishedAt] and modified on [cveModifiedAt]2026-06-15T21:05:18.653Z[/cveModifiedAt].
- Vendor
- Tenda
- Product
- 5G03
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Tenda 5G03 V05.03.02.04 (Version 1.0) should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by improper input validation in the action_set_volume function, allowing an attacker to inject malicious commands via the volume parameter.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Limit access to the affected system and monitor for suspicious activity.
- Consider implementing additional security measures, such as input validation and sanitization.
Evidence notes
The CVE record [resourceLinkAnnotations:cve-org] and NVD detail [resourceLinkAnnotations:nvd] provide further information about this vulnerability. A source reference [resourceLinkAnnotations:ref-4] is also available.
Official resources
-
CVE-2026-38061 CVE record
CVE.org
-
CVE-2026-38061 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
This CVE debrief is based on the provided source corpus and official links.