Description
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Published: 2026-04-27
Score: 8.7 High
EPSS: 3.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in the formTracert endpoint of the Tenda HG3 router that accepts a datasize parameter. By manipulating this parameter, an attacker can inject arbitrary shell commands, leading to remote code execution on the device. The weakness is a classic command injection vulnerability (CWE‑74) that also triggers operating‑system command injection (CWE‑77), allowing the attacker to bypass input constraints and execute unintended commands. Because the injection occurs via the web management interface, the attack can be carried out from any external host that can reach the router’s WAN side.

Affected Systems

The Tenda HG3 router running firmware version 2.0 is affected. The issue resides in the web management interface located at /boaform/formTracert. No other products or versions are mentioned.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. The EPSS score of 3% suggests a moderate probability of exploitation. The vulnerability is publicly disclosed and can be exploited remotely, and it is not listed in CISA’s KEV catalog. Exploitation requires only that an attacker reach the exposed formTracert endpoint and send a crafted datasize value; no additional privileges are needed. Given the high severity and the fact that the attack is possible from external hosts, the risk remains significant until a fix is deployed.

Generated by OpenCVE AI on June 18, 2026 at 08:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Tenda that removes the formTracert command injection flaw.
  • Restrict or block external access to the /boaform/formTracert endpoint by using firewall rules or disabling WAN‑side management in the router’s configuration.
  • Place the router’s management interface on a separate VLAN or access it only from trusted internal hosts to reduce exposure.

Generated by OpenCVE AI on June 18, 2026 at 08:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda hg3 Firmware
CPEs cpe:2.3:h:tenda:hg3:2.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:hg3_firmware:300003070:*:*:*:*:*:*:*
Vendors & Products Tenda hg3 Firmware

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 00:30:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda hg3
Vendors & Products Tenda
Tenda hg3

Mon, 27 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Title Tenda HG3 formTracert command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T14:35:44.664Z

Reserved: 2026-04-26T20:17:52.059Z

Link: CVE-2026-7160

cve-icon Vulnrichment

Updated: 2026-04-28T13:39:59.672Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-27T22:16:18.690

Modified: 2026-06-17T11:01:57.187

Link: CVE-2026-7160

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T08:45:03Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')