CVE-2026-1689 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Login Interface /boaform/admin/formLogin checkUserFromLanOrWan Host command injection

Inserito da Angelo Barbosa | Gen 30, 2026 | CVE

A vulnerability was found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. It has been declared as critical. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection.

This vulnerability is reported as CVE-2026-1689. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-1689 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Login Interface /boaform/admin/formLogin checkUserFromLanOrWan Host command injection

Post correlati

CVE-2025-41657 | Auma AC1.2/PROFOX prior 09.05.2025 observable behavioral discrepancy with equivalent products (VDE-2025-047)

CVE-2024-45447 | Huawei HarmonyOS/EMUI Camera Framework Module information disclosure

CVE-2025-4036 | 201206030 Novel 3.5.0 Chapter AuthorController.java updateBookChapter access control

CVE-2024-55056 | PHPGurukul Online Birth Certificate System 1.0 certificate-form.php full name cross site scripting