{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7151/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7151"}],"_cs_exploited":false,"_cs_products":["HG3"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7151","buffer-overflow","tenda","router"],"_cs_type":"advisory","_cs_vendors":["Tenda"],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability has been identified in Tenda HG3 version 2.0. The vulnerability exists within the \u003ccode\u003eformUploadConfig\u003c/code\u003e function of the \u003ccode\u003e/boaform/formIPv6Routing\u003c/code\u003e file. A remote attacker can exploit this by manipulating the \u003ccode\u003edestNet\u003c/code\u003e argument, potentially leading to arbitrary code execution on the device. The vulnerability, identified as CVE-2026-7151, has a publicly available exploit, increasing the risk of exploitation. This poses a significant threat to users of Tenda HG3 v2.0 routers, potentially allowing attackers to gain unauthorized access and control over the device. The CVSS v3.1 score is rated as 8.8 (HIGH).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Tenda HG3 v2.0 router with default or known credentials, or no authentication at all.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP POST request to \u003ccode\u003e/boaform/formIPv6Routing\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe request targets the \u003ccode\u003eformUploadConfig\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edestNet\u003c/code\u003e argument within the HTTP POST data is manipulated with a string exceeding the buffer size.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eformUploadConfig\u003c/code\u003e function processes the oversized \u003ccode\u003edestNet\u003c/code\u003e argument without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThis causes a stack-based buffer overflow, overwriting adjacent memory regions on the stack.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the device by overwriting the return address or other critical data on the stack.\u003c/li\u003e\n\u003cli\u003eThe attacker can then leverage this to gain full control of the device, potentially modifying settings, injecting malware, or using it as part of a botnet.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected Tenda HG3 v2.0 router. This could lead to complete compromise of the device, allowing the attacker to monitor network traffic, change router settings, or use the device as a launchpad for further attacks against other devices on the network. Given the potential for widespread exploitation due to the publicly available exploit, a large number of Tenda HG3 v2.0 users are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for unusual POST requests to \u003ccode\u003e/boaform/formIPv6Routing\u003c/code\u003e with excessively long \u003ccode\u003edestNet\u003c/code\u003e parameters to detect potential exploit attempts (see example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement rate limiting for requests to \u003ccode\u003e/boaform/formIPv6Routing\u003c/code\u003e to mitigate brute-force exploitation attempts.\u003c/li\u003e\n\u003cli\u003eApply available patches or firmware updates from Tenda to address CVE-2026-7151 on vulnerable HG3 2.0 devices.\u003c/li\u003e\n\u003cli\u003eConsider deploying a web application firewall (WAF) rule to filter out malicious requests targeting the \u003ccode\u003edestNet\u003c/code\u003e parameter in \u003ccode\u003e/boaform/formIPv6Routing\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T12:00:00Z","date_published":"2026-04-28T12:00:00Z","id":"/briefs/2026-04-tenda-hg3-overflow/","summary":"A stack-based buffer overflow vulnerability in the formUploadConfig function of Tenda HG3 v2.0's /boaform/formIPv6Routing file allows remote attackers to execute arbitrary code by manipulating the destNet argument.","title":"Tenda HG3 v2.0 Stack-Based Buffer Overflow in formUploadConfig","url":"https://feed.craftedsignal.io/briefs/2026-04-tenda-hg3-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-7151","version":"https://jsonfeed.org/version/1.1"}