← voltar
CVE-2026-1687

Tenda HG10 Boa Webserver formSamba command injection

CVSS 6.9 MEDIUMEPSS 2.4%CWE-74CWE-77
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS 2.4%KEV nãoPoC Patch
Ciclo de vida
30 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
Tenda · HG10

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSamba-serverString-command.mdhttps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSamba-serverString-command.md#pochttps://vuldb.com/?ctiid.343481https://vuldb.com/?id.343481https://vuldb.com/?submit.741281https://www.tenda.com.cn/