CVE-2026-1687 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Boa Webserver /boaform/formSamba serverString command injection

Inserito da Angelo Barbosa | Gen 30, 2026 | CVE

A vulnerability was found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon and classified as critical. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection.

This vulnerability is registered as CVE-2026-1687. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-1687 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Boa Webserver /boaform/formSamba serverString command injection

Post correlati

CVE-2024-21583 | Gitpod up to 27121 unknown vulnerability

CVE-2023-52442 | Linux Kernel up to 5.15.144/6.1.52/6.4/6.4.15 smb2_get_msg Privilege Escalation

CVE-2025-47949 | tngan SAMLify up to 2.9.x SAML Response signature verification

CVE-2024-35908 | Linux Kernel up to 6.1.84/6.6.25/6.8.4 tls_sw_recvmsg memory leak