CVE-2023-27079

High · Public PoC · RCE

Published: 23 March 2023

Modified: 25 February 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0575 (90.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27079 is a high-severity Command Injection (CWE-77) vulnerability in Tenda G103 Firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 9.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-27079 is a command injection vulnerability, tracked as CWE-77, that affects the Tenda G103 router running firmware version 1.0.05. The issue permits an attacker to obtain sensitive information by submitting a crafted package to the device. It carries a CVSS 3.1 base score of 7.5, reflecting a network-accessible attack with no required credentials or user interaction.

An unauthenticated remote attacker can exploit the flaw over the network to read sensitive data from the router. The provided references consist of a GitHub repository entry that documents the vulnerability through a proof-of-concept package but contain no official vendor advisory or patch information.

EPSS scores for the CVE remain low, with a current value of 0.0575 and a peak of 0.0578, indicating limited observed exploitation interest since disclosure.

Vulnerability details

Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tenda · g103 firmware · 1.0.05

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
