CVE 8.7 HIGH

Tenda HG10 Boa Service formRouting formRoute buffer overflow_CVE-2026-6988

April 25, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.

AI Analysis

Buffer overflow in Boa Service formRouting formRoute due to manipulation of the nextHop argument, allowing remote exploitation.

Basic Information

ID CVE-2026-6988

Source VulDB

Published Apr 25, 2026 at 17:00

Affected Product

Vendor Tenda

Product HG10

Version HG7_HG9_HG10re_300001138_en_xpon

Affected Versions Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product HG10

Version HG7_HG9_HG10re_300001138_en_xpon

References

{
    "lastseen": "",
    "description": "A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.",
    "published": "2026-04-25T17:00:24.221Z",
    "modified": "2026-04-25T17:00:24.221Z",
    "type": "cve",
    "title": "Tenda HG10 Boa Service formRouting formRoute buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359540\nhttps://vuldb.com/vuln/359540/cti\nhttps://vuldb.com/submit/796427\nhttps://github.com/xyh4ck/iot_poc/blob/main/Tenda/HG10/01_Buffer_Overflow_nextHop/README.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-6988",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HG10",
    "version": "HG7_HG9_HG10re_300001138_en_xpon",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow in Boa Service formRouting formRoute due to manipulation of the nextHop argument, allowing remote exploitation.",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "HG10",
    "ai_version": "HG7_HG9_HG10re_300001138_en_xpon",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply