| 标题 | Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Command Injection |
|---|
| 描述 | A command execution vulnerability exists in the Tenda HG10 AC1200 Dualband Wi-Fi xPON ONT router. The vulnerability is located in the Boa web server’s formLogin interface and is specifically related to the handling of the Host parameter. Due to insufficient input validation and filtering of this user-controllable parameter, an attacker can inject arbitrary system commands through specially crafted requests. By exploiting this vulnerability, an unauthenticated attacker is able to execute arbitrary commands on the affected device. |
|---|
| 来源 | ⚠️ https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/HG10/formLogin-Host-command.md |
|---|
| 用户 | Abcd1234 (UID 94604) |
|---|
| 提交 | 2026-01-17 13時30分 (3 月前) |
|---|
| 管理 | 2026-01-30 08時56分 (13 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 343483 [Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon Login Interface /boaform/admin/formLogin checkUserFromLanOrWan Host 权限提升] |
|---|
| 积分 | 20 |
|---|