VYPR

Hg3 Firmware

by Tenda

CVEs (4)

  • CVE-2026-7160HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.03

    A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-7151HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2026-7119HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.03

    A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may…

  • CVE-2026-7096HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.04

    A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack…