CVE-2026-6988
published 2026-04-25CVE-2026-6988: A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the…
PriorityP264high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.62%
45.2th percentile
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenda | hg10 | — | — |
| tenda | hg10_firmware | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xw6x-qvx6-jcr3: A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon
ghsa_unreviewed·2026-04-25
CVE-2026-6988 [HIGH] CWE-119 GHSA-xw6x-qvx6-jcr3: A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
VulDB
Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon Boa Service /boaform/formRouting formRoute nextHop buffer overflow
vuldb·2026-04-24·CVSS 7.4
CVE-2026-6988 [HIGH] Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon Boa Service /boaform/formRouting formRoute nextHop buffer overflow
A vulnerability was found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. It has been classified as critical. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow.
The identification of this vulnerability is CVE-2026-6988. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-25
Published