CVE-2026-7151
Awaiting Analysis Awaiting Analysis - Queue
Remote Stack-Based Buffer Overflow in Tenda HG3 IPv6 Routing

Publication date: 2026-04-27

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7151
EUVD
EUVD-2026-25913
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda hg3_firmware 300003070
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Tenda HG3 2.0 device, specifically in the function formUploadConfig within the file /boaform/formIPv6Routing. It is caused by improper handling of the argument destNet, which leads to a stack-based buffer overflow. This means that an attacker can send specially crafted data to this function to overwrite parts of the device's memory.

The vulnerability can be exploited remotely, meaning an attacker does not need physical access to the device to carry out the attack. The exploit has been publicly disclosed, increasing the risk of it being used maliciously.

Impact Analysis

Exploitation of this vulnerability can lead to serious consequences because it allows remote attackers to cause a stack-based buffer overflow. This can result in arbitrary code execution, potentially giving the attacker control over the affected device.

Such control could allow attackers to disrupt network operations, intercept or manipulate data, or use the compromised device as a foothold to attack other systems within the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7151. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart