CVE-2026-1689Injection in Hg10

CWE-74InjectionCWE-77Command Injection3 documents3 sources
Severity
6.9MEDIUMNVD
EPSS
5.4%
top 9.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda Hg10
Timeline
PublishedJan 30

Description

A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5tenda/hg10US_HG7_HG9_HG10re_300001138_en_xpon

🔴Vulnerability Details

2
CVEList
Tenda HG10 Login formLogin checkUserFromLanOrWan command injection2026-01-30
GHSA
GHSA-9256-w668-cg6v: A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon2026-01-30
CVE-2026-1689 — Injection in Tenda Hg10 | cvebase