CVE-2026-7096

HIGH 8.8

Tenda HG3 formgponConf os command injection

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CWE	CWE-78 CWE-77
Vendor	tenda
Product	hg3
Published	Apr 27, 2026

Stay Ahead of the Next One

Get instant alerts for tenda hg3

Be the first to know when new high vulnerabilities affecting tenda hg3 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Tenda / HG3

2.0 300003070

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359671 vuldb.com: https://vuldb.com/vuln/359671/cti vuldb.com: https://vuldb.com/submit/800796 notion.so: https://www.notion.so/Tenda-HG3-3250c75766a880c7b50fde0466557c5f tenda.com.cn: https://www.tenda.com.cn/

Credits

🔍 2er00ne (VulDB User)