CVE 8.7 HIGH

Tenda HG3 formCountrystr os command injection_CVE-2026-7119

April 27, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.

AI Analysis

OS command injection vulnerability in Tenda HG3 2.0 via the countrystr argument in the /boaform/formCountrystr file

Basic Information

ID CVE-2026-7119

Source VulDB

Published Apr 27, 2026 at 11:30

Affected Product

Vendor Tenda

Product HG3

Version 2.0

Affected Versions Tenda HG3 2.0

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product HG3

Version 2.0

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.",
    "published": "2026-04-27T11:30:15.501Z",
    "modified": "2026-04-27T11:30:15.501Z",
    "type": "cve",
    "title": "Tenda HG3 formCountrystr os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359719\nhttps://vuldb.com/vuln/359719/cti\nhttps://vuldb.com/submit/800859\nhttps://www.notion.so/Tenda-HG3-1-33d0c75766a8808d8b38e9d090cec7ab\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-7119",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Tenda HG3 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HG3",
    "version": "2.0",
    "vendor": "Tenda",
    "ai_description": "OS command injection vulnerability in Tenda HG3 2.0 via the countrystr argument in the /boaform/formCountrystr file",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "HG3",
    "ai_version": "2.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply