Description
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used.
Published: 2026-01-30
Score: 6.9 Medium
EPSS: 5.4% Low
KEV: No
Impact: Remote Command Execution
Action: Immediate Patch
AI Analysis

Impact

A command injection flaw exists in the Tenda HG10 firmware, specifically in the checkUserFromLanOrWan function of the Login Interface. By supplying a crafted Host argument to the /boaform/admin/formLogin endpoint, an attacker can cause the router to execute arbitrary shell commands. This vulnerability is classified under CWE‑74 (Improper Neutralization of Input During Web Page Generation) and CWE‑77 (Improper Neutralization of Special Elements used in an OS Command). The resulting impact is the ability to take full control of the device, compromising confidentiality, integrity, and availability.

Affected Systems

The impacted product is the Tenda HG10 router, running firmware identified as Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. No specific firmware revision is listed beyond this general identifier, indicating that any build under this firmware line is potentially affected. The vendor is Tenda.

Risk and Exploitability

The CVSS score of 6.9 places the vulnerability in the medium severity range, and the EPSS score of 5% suggests a measurable likelihood of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Attackers can launch the exploit remotely by targeting the exposed login interface; the exploit has been made public and may already be in use. Successful exploitation would grant an attacker arbitrary command execution on the router, leading to full device compromise.

Generated by OpenCVE AI on April 18, 2026 at 01:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest release that fixes the Host parameter command injection flaw
  • If no firmware patch is available, disable remote login or restrict access to trusted networks using the router’s firewall or VLAN configuration
  • Enable device logging and monitor for abnormal Host parameter values or repeated failed login attempts to detect exploitation attempts

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:tenda:hg10_firmware:*:*:*:*:*:*:*:*

Tue, 10 Feb 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda hg10 Firmware
CPEs cpe:2.3:h:tenda:hg10:-:*:*:*:*:*:*:*
cpe:2.3:o:tenda:hg10_firmware:-:*:*:*:*:*:*:*
Vendors & Products Tenda hg10 Firmware

Tue, 03 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda hg10
Vendors & Products Tenda
Tenda hg10

Fri, 30 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 30 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used.
Title Tenda HG10 Login formLogin checkUserFromLanOrWan command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:09:54.959Z

Reserved: 2026-01-30T07:56:21.633Z

Link: CVE-2026-1689

Vulnrichment

Updated: 2026-01-30T16:51:33.199Z

NVD

Status: Analyzed

Published: 2026-01-30T17:16:13.783

Modified: 2026-02-10T14:18:11.040

Link: CVE-2026-1689

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:15:05Z