CVE-2026-1690
Remote Command Injection in Tenda HG10 System Function
Publication date: 2026-01-30
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | hg10_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1690 is a command injection vulnerability in the Tenda HG10 router firmware (version US_HG7_HG9_HG10re_300001138_en_xpon). It exists in the system function of the file /boaform/formSysCmd, specifically in the handling of the sysCmd parameter. Due to insufficient input validation, an attacker can remotely inject and execute arbitrary system commands by sending specially crafted requests to the router, potentially compromising the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows an attacker to remotely execute arbitrary system commands on the affected Tenda HG10 router, which can compromise the confidentiality, integrity, and availability of the device. Exploitation could lead to unauthorized control over the router, potentially disrupting network services or enabling further attacks within the network. The exploit requires some level of authentication but no physical or local access is needed. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted requests to the /boaform/formSysCmd endpoint of the Tenda HG10 router and observing if arbitrary command execution is possible via the sysCmd parameter. Since the vulnerability involves command injection, detection commands could include sending HTTP requests with injected commands and checking for execution results. For example, using curl to send a request with a payload in sysCmd that executes a harmless command like 'id' or 'whoami' and checking the response for command output. Specific commands are not detailed in the provided resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Tenda HG10 router with a non-vulnerable device, as no known countermeasures or mitigations have been identified. Additionally, restricting remote access to the router's management interface and ensuring strong authentication may reduce risk, but the vulnerability requires authentication and can be exploited remotely. Monitoring for suspicious activity is also advised. [2]