PT-2026-5426 · Tenda · Tenda Hg10
Abcd1234
·
Published
2026-01-17
·
Updated
2026-02-10
·
CVE-2026-1690
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon (affected versions not specified)
Description
A flaw exists in the system function associated with the file '/boaform/formSysCmd'. Manipulation of the
sysCmd argument can lead to command injection. This attack can be initiated remotely. The exploit has been published.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Command Injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda Hg10