CVE-2026-5526 MEDIUM

CVE-2026-5526: Tenda 4G03 Pro httpd access control

Vendor Tenda
Product 4G03 Pro
Weakness CWE-284
Published April 4, 2026
Last update April 6, 2026
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Key dates

02Disclosure timeline

April 4, 2026 CVE published
April 6, 2026 Record updated