CVE-2026-6988
🟠 Patch this week
A buffer overflow in Tenda HG10 allows remote code execution.
CVSS: 8.8
EPSS: 0.1%
Exploit: poc
Vendor: tenda
Source description (NVD)
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
buffer-overflow exploit
No patch available
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.1% |
| Published (NVD) | 2026-04-25 18:16:17 UTC |
| Last modified (NVD) | 2026-04-30 14:10:15 UTC |
References
- https://github.com/xyh4ck/iot_poc/blob/main/Tenda/HG10/01_Buffer_Overflow_nextHop/README.md (cna@vuldb.com) [Exploit, Third Party Advisory]
- https://vuldb.com/submit/796427 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359540 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359540/cti (cna@vuldb.com) [Permissions Required, VDB Entry]
- https://www.tenda.com.cn/ (cna@vuldb.com) [Product]