Tenda 4G300 Command Injection Vulnerability in DelFil Function

Vulnerability

A command injection vulnerability has been identified in the Tenda 4G300 router, specifically in the firmware version US_4G300V1.0Mt_V1.01.42_CN_TDC01. The issue arises in the DelFil function, where improper handling of the delflag argument allows for remote command injection.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Added: Apr 30, 2026, 2:18 AM

Updated: Apr 30, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

7.1

threat

6.5

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

9.1

remediation

0.0

relevance

7.1

threat

6.5

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda 4G300 Command Injection Vulnerability in DelFil Function

Vulnerability

Impact

Affected Products

Tenda 4G300

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating