PatchSiren cyber security CVE debrief
CVE-2026-38065 Tenda CVE debrief
CVE-2026-38065 is a command injection vulnerability in Tenda 5G03 V05.03.02.04 (Version 1.0). The vulnerability exists in the function action_ims_on_with_apn via the ims_apn parameter. This CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-38065) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-38065).
- Vendor
- Tenda
- Product
- 5G03
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Tenda 5G03 V05.03.02.04 (Version 1.0) should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by improper input validation in the action_ims_on_with_apn function, allowing attackers to inject malicious commands through the ims_apn parameter.
Defensive priority
High
Recommended defensive actions
- Update to the latest version of Tenda 5G03 if available.
- Limit access to the affected function to trusted users only.
- Monitor network traffic for suspicious activity.
Evidence notes
The CVE record [cve-org] and NVD detail [nvd] provide official information about this vulnerability. Additional information can be found at [ref-4].
Official resources
-
CVE-2026-38065 CVE record
CVE.org
-
CVE-2026-38065 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-38065 was published on 2026-06-15T20:16:26.897Z and last modified on 2026-06-15T21:05:18.653Z.