{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/hg3-2.0/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7160"}],"_cs_exploited":false,"_cs_products":["HG3 2.0"],"_cs_severities":["critical"],"_cs_tags":["command-injection","cve-2026-7160","tenda"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eTenda HG3 2.0 is vulnerable to a command injection vulnerability (CVE-2026-7160) affecting the formTracert function in the /boaform/formTracert file. A remote attacker can exploit this by manipulating the datasize argument to inject arbitrary commands into the system. The vulnerability has a CVSS v3.1 score of 8.8, indicating a high severity. Public disclosure and potential exploitation make this a critical issue for users of the Tenda HG3 2.0 router. Successful exploitation allows an attacker to execute arbitrary commands on the device, potentially leading to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Tenda HG3 2.0 router with an exposed web interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the /boaform/formTracert endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a manipulated datasize argument designed to inject a command.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request and passes the manipulated datasize argument to the formTracert function.\u003c/li\u003e\n\u003cli\u003eThe formTracert function fails to properly sanitize the input, allowing the injected command to be executed by the system.\u003c/li\u003e\n\u003cli\u003eThe injected command executes with the privileges of the web server process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the router.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary commands on the Tenda HG3 2.0 router. This can lead to complete compromise of the device, including modification of router settings, interception of network traffic, and potential use of the router as a botnet node. Given the high base score of 8.8, this poses a significant risk to affected users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or firmware updates provided by Tenda to address CVE-2026-7160.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/boaform/formTracert\u003c/code\u003e with unusual \u003ccode\u003edatasize\u003c/code\u003e parameters, as covered by the Sigma rule \u0026ldquo;Detect Tenda HG3 Command Injection Attempt\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eImplement network intrusion detection system (IDS) rules to detect and block exploit attempts targeting this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-27T22:16:18Z","date_published":"2026-04-27T22:16:18Z","id":"/briefs/2026-04-tenda-hg3-command-injection/","summary":"Tenda HG3 2.0 is vulnerable to command injection; by manipulating the datasize argument in the formTracert function of the /boaform/formTracert file, a remote attacker can inject commands.","title":"Tenda HG3 2.0 Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-tenda-hg3-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — HG3 2.0","version":"https://jsonfeed.org/version/1.1"}