← volver
CVE-2026-1687

Tenda HG10 Boa Webserver formSamba command injection

CVSS 6.9 MEDIUMEPSS 2.4%CWE-74CWE-77
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.9EPSS 2.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
30 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
Tenda · HG10

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSamba-serverString-command.mdhttps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSamba-serverString-command.md#pochttps://vuldb.com/?ctiid.343481https://vuldb.com/?id.343481https://vuldb.com/?submit.741281https://www.tenda.com.cn/