CVE 8.7 HIGH

Tenda HG3 formTracert command injection_CVE-2026-7160

April 27, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

AI Analysis

Command injection vulnerability in Tenda HG3 2.0 via the formTracert function

Basic Information

ID CVE-2026-7160

Source VulDB

Published Apr 27, 2026 at 21:30

Affected Product

Vendor Tenda

Product HG3

Version 2.0

Affected Versions Tenda HG3 2.0

CWE Classification

CWE-77 CWE-74

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product HG3

Version 2.0

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.",
    "published": "2026-04-27T21:30:17.351Z",
    "modified": "2026-04-27T21:30:17.351Z",
    "type": "cve",
    "title": "Tenda HG3 formTracert command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359759\nhttps://vuldb.com/vuln/359759/cti\nhttps://vuldb.com/submit/802079\nhttps://www.notion.so/33e0c75766a880488924cf24523acf6c\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-7160",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Tenda HG3 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HG3",
    "version": "2.0",
    "vendor": "Tenda",
    "ai_description": "Command injection vulnerability in Tenda HG3 2.0 via the formTracert function",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "HG3",
    "ai_version": "2.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply