CVE-2026-1687Injection in Hg10

CWE-74InjectionCWE-77Command Injection3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
6.2%
top 9.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Hg10
Timeline
PublishedJan 30

Description

A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5tenda/hg10US_HG7_HG9_HG10re_300001138_en_xpon

🔴Vulnerability Details

2
GHSA
GHSA-f6mv-hr3h-h98h: A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon2026-01-30
CVEList
Tenda HG10 Boa Webserver formSamba command injection2026-01-30
CVE-2026-1687 — Injection in Tenda Hg10 | cvebase