PatchSiren cyber security CVE debrief
CVE-2026-38063 Tenda CVE debrief
CVE-2026-38063 is a command injection vulnerability in the Tenda 5G03 V05.03.02.04 (Version 1.0). The vulnerability exists in the function action_radio_on_with_ia_apn via the ia parameter. This CVE was published on [cvePublishedAt]2026-06-15T20:16:26.687Z[/cvePublishedAt] and modified on [cveModifiedAt]2026-06-15T21:05:18.653Z[/cveModifiedAt].
- Vendor
- Tenda
- Product
- 5G03 V05.03.02.04 (Version 1.0)
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Tenda 5G03 V05.03.02.04 (Version 1.0) should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by a lack of proper input validation in the action_radio_on_with_ia_apn function, allowing an attacker to inject malicious commands via the ia parameter.
Defensive priority
High
Recommended defensive actions
- Update to a patched version of Tenda 5G03 V05.03.02.04 (Version 1.0) if available.
- Limit access to the affected function to only necessary users.
- Monitor for suspicious activity on the affected system.
Evidence notes
The CVE record [resourceLinkAnnotations:cve-org] and NVD detail [resourceLinkAnnotations:nvd] provide additional information about this vulnerability.
Official resources
-
CVE-2026-38063 CVE record
CVE.org
-
CVE-2026-38063 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-38063 was published on [cvePublishedAt]2026-06-15T20:16:26.687Z[/cvePublishedAt].