CVE-2026-7096

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has be...

high 8.8 CVSS 3.1

Published: Apr 27, 2026

Modified: Apr 27, 2026

Description

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

References

https://vuldb.com/submit/800796
https://vuldb.com/vuln/359671
https://vuldb.com/vuln/359671/cti
https://www.notion.so/Tenda-HG3-3250c75766a880c7b50fde0466557c5f
https://www.tenda.com.cn/

Version	3.1
Score	8.8 / 10
Severity	high