CVE 8.7 HIGH

Tenda HG3 formgponConf os command injection_CVE-2026-7096

April 27, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

AI Analysis

OS command injection vulnerability in Tenda HG3 2.0 300003070 via the formgponConf function

Basic Information

ID CVE-2026-7096

Source VulDB

Published Apr 27, 2026 at 06:45

Affected Product

Vendor Tenda

Product HG3

Version 2.0 300003070

Affected Versions Tenda HG3 2.0 300003070

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product HG3

Version 2.0 300003070

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-04-27T06:45:14.049Z",
    "modified": "2026-04-27T06:45:14.049Z",
    "type": "cve",
    "title": "Tenda HG3 formgponConf os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359671\nhttps://vuldb.com/vuln/359671/cti\nhttps://vuldb.com/submit/800796\nhttps://www.notion.so/Tenda-HG3-3250c75766a880c7b50fde0466557c5f\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-7096",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Tenda HG3 2.0 300003070",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HG3",
    "version": "2.0 300003070",
    "vendor": "Tenda",
    "ai_description": "OS command injection vulnerability in Tenda HG3 2.0 300003070 via the formgponConf function",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "HG3",
    "ai_version": "2.0 300003070",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply