CVE-2026-7119

Description

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.

References

• https://vuldb.com/submit/800859
• https://vuldb.com/vuln/359719
• https://vuldb.com/vuln/359719/cti
• https://www.notion.so/Tenda-HG3-1-33d0c75766a8808d8b38e9d090cec7ab
• https://www.tenda.com.cn/