PatchSiren cyber security CVE debrief
CVE-2026-38062 Tenda CVE debrief
CVE-2026-38062 is a command injection vulnerability in the Tenda 5G03 V05.03.02.04 (Version 1.0). The vulnerability exists in the function action_set_rat_mode via the ratMode parameter. This CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-38062) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-38062).
- Vendor
- Tenda
- Product
- 5G03 V05.03.02.04 (Version 1.0)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Tenda 5G03 V05.03.02.04 (Version 1.0) should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by improper input validation in the action_set_rat_mode function, allowing an attacker to inject arbitrary commands via the ratMode parameter.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Use secure configuration and hardening guidelines to prevent exploitation.
- Monitor network traffic and system logs for suspicious activity.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide additional information about the vulnerability.
Official resources
-
CVE-2026-38062 CVE record
CVE.org
-
CVE-2026-38062 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-38062 was published on 2026-06-15T20:16:26.583Z and last modified on 2026-06-15T21:05:18.653Z.