Skip to content
CVSS 8.8 · HIGH

CVE-2026-7096

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Ver en NVD

Análisis

The vulnerability affects Tenda HG3 router firmware, allowing remote OS command injection. This is vendor-specific hardware that matches the criteria for exclusion, as it is not part of the standard software development or server administration stack used by the community.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-77CWE-78

EPSS

Probabilidad de explotación (próx. 30 días): 0.0097 (1.0%)
Percentil: 76.7%
EPSS: 2026-05-06

Afecta

tenda:hg3_firmwaretenda:hg3

Descripción técnica

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Publicada: 27/4/2026, 8:16:02
Última modificación: 30/4/2026, 16:18:03

Referencias

InicioEventosBlogRecursosEquipo