HG3 2.0 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/hg3-2.0/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 27 Apr 2026 22:16:18 +0000Tenda HG3 2.0 Command Injection Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-04-tenda-hg3-command-injection/Mon, 27 Apr 2026 22:16:18 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-tenda-hg3-command-injection/Tenda HG3 2.0 is vulnerable to command injection; by manipulating the datasize argument in the formTracert function of the /boaform/formTracert file, a remote attacker can inject commands.Tenda HG3 2.0 is vulnerable to a command injection vulnerability (CVE-2026-7160) affecting the formTracert function in the /boaform/formTracert file. A remote attacker can exploit this by manipulating the datasize argument to inject arbitrary commands into the system. The vulnerability has a CVSS v3.1 score of 8.8, indicating a high severity. Public disclosure and potential exploitation make this a critical issue for users of the Tenda HG3 2.0 router. Successful exploitation allows an attacker to execute arbitrary commands on the device, potentially leading to complete system compromise.

Attack Chain

  1. The attacker identifies a vulnerable Tenda HG3 2.0 router with an exposed web interface.
  2. The attacker crafts a malicious HTTP request targeting the /boaform/formTracert endpoint.
  3. The malicious request includes a manipulated datasize argument designed to inject a command.
  4. The web server processes the request and passes the manipulated datasize argument to the formTracert function.
  5. The formTracert function fails to properly sanitize the input, allowing the injected command to be executed by the system.
  6. The injected command executes with the privileges of the web server process.
  7. The attacker gains arbitrary code execution on the router.

Impact

Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary commands on the Tenda HG3 2.0 router. This can lead to complete compromise of the device, including modification of router settings, interception of network traffic, and potential use of the router as a botnet node. Given the high base score of 8.8, this poses a significant risk to affected users.

Recommendation

  • Apply available patches or firmware updates provided by Tenda to address CVE-2026-7160.
  • Monitor web server logs for suspicious POST requests to /boaform/formTracert with unusual datasize parameters, as covered by the Sigma rule “Detect Tenda HG3 Command Injection Attempt”.
  • Implement network intrusion detection system (IDS) rules to detect and block exploit attempts targeting this vulnerability.
]]>criticaladvisorycommand-injectioncve-2026-7160tenda