CNNVD-202601-5044 Information
CNNVD ID
CNNVD-202601-5044
Related CVE
- CNNVD Published: 2026-01-30
Description (Chinese)
Tenda HG10是中国腾达(Tenda)公司的一个光猫路由器。 Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon存在命令注入漏洞,该漏洞源于Boa Webserver组件中/boaform/formSamba文件的未知函数对参数serverString的操作导致命令注入,可能导致远程命令执行。
Description (English)
Tenda HG10 is an optical cat router of Tenda, China. Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon has a command-injecting loop that results from the operation of unknown functions in the Boa Webserver component/boaform/formSamba file to the parameter serverString, which may result in remote command execution.
Hazard Level
Medium
Vulnerability Type
命令注入
Affected Vendor
腾达
Published
2026-01-30
Last Modified
2026-02-24
References
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSamba-serverString-command.md https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formSamba-serverString-command.md#poc https://vuldb.com/?ctiid.343481 https://vuldb.com/?id.343481 https://vuldb.com/?submit.741281 https://www.tenda.com.cn/ https://access.redhat.com/security/cve/cve-2026-1687
Share on: