Skip to content
CVSS 8.8 · HIGH

CVE-2026-7160

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Ver en NVD

Análisis

This vulnerability affects a specific Tenda HG3 router firmware and allows for remote command injection. It is a vendor-specific hardware issue that does not impact the software development stack or general server infrastructure used by the community.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-74CWE-77

EPSS

Probabilidad de explotación (próx. 30 días): 0.0097 (1.0%)
Percentil: 76.7%
EPSS: 2026-05-06

Afecta

tenda:hg3_firmwaretenda:hg3

Descripción técnica

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Publicada: 27/4/2026, 22:16:18
Última modificación: 30/4/2026, 18:23:30

Referencias

InicioEventosBlogRecursosEquipo