CVE-2026-1687 Tenda HG10 Boa Webserver formSamba command injection

A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...

Tenda HG10 command injection vulnerability

The Tenda HG10 is a fiber-optic router produced by the Chinese company Tenda. The Tenda HG10 USHG7HG9HG10re300001138enxpon has a command injection vulnerability. This vulnerability arises from an unknown function in the Boa Webserver component, which manipulates the parameter “serverString” in th...

CVE-2025-57639

OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file...

CVE-2025-9813

A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument sambauserNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available an...

PT-2024-2394 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U versions 15.03.06.48 through 15.03.06.49 Description: A critical issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may b...