CVE-2026-1690

4.7 MEDIUM

📋 TL;DR

This CVE describes a command injection vulnerability in Tenda HG10 routers affecting the /boaform/formSysCmd endpoint. Attackers can execute arbitrary commands remotely by manipulating the sysCmd parameter. This affects users of Tenda HG10 routers with vulnerable firmware versions.

💻 Affected Systems

Products:
  • Tenda HG10
Versions: US_HG7_HG9_HG10re_300001138_en_xpon firmware version
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface accessible via LAN/WAN. Default configuration likely vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing attacker to install persistent backdoors, intercept network traffic, pivot to internal networks, or brick the device.

🟠 Likely Case: Unauthorized command execution leading to device configuration changes, credential theft, or use as part of a botnet.

🟢 If Mitigated: Limited impact if device is behind firewall with restricted WAN access and proper network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available showing simple HTTP POST exploitation. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check the Tenda official website for firmware updates. If one is available, download it and flash it via the web interface.

🔧 Temporary Workarounds

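Network Access Control (all platforms)

Restrict access to the router web interface from untrusted networks.

Firewall Rules (linux)

Block external access to ports 80/443 on the router's WAN interface. Replace <wan-if> with the name of the WAN-facing interface; without -i the rules would also drop management traffic arriving from the LAN.

iptables -A INPUT -i <wan-if> -p tcp --dport 80 -j DROP
iptables -A INPUT -i <wan-if> -p tcp --dport 443 -j DROP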

🧯 If You Can't Patch

  • Replace affected device with supported model
  • Isolate device in separate VLAN with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the web interface. If it matches the affected version, assume the device is vulnerable.

Check Version:

curl -s http://router-ip/ | grep -i firmware

If the command returns nothing, log in to the web interface and read the firmware version there.

Verify Fix Applied:

Verify firmware version has been updated to non-vulnerable release.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /boaform/formSysCmd with suspicious sysCmd parameters
  • Unusual command execution in system logs

Network Indicators:

  • HTTP traffic to router management interface containing command injection patterns
  • Outbound connections from router to suspicious IPs

SIEM Query:

source="router-logs" AND uri="/boaform/formSysCmd" AND (sysCmd="*;*" OR sysCmd="*|*" OR sysCmd="*`*" OR sysCmd="*$(*")
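
The log indicators and SIEM query above, written as a small offline filter (an added example, not part of the advisory or any vendor tooling). The key=value log layout, its field names and the sample lines are constructed assumptions; unlike the wildcard query, it percent-decodes the sysCmd value before matching.

```python
import re
from urllib.parse import unquote_plus

ENDPOINT = "/boaform/formSysCmd"   # endpoint named in the advisory
# Same metacharacters as the SIEM query above:  ;  |  `  $(
META = re.compile(r";|\||`|\$\(")
# Assumed (hypothetical) log layout: src=<ip> method=<verb> uri=<path> body="<form body>"
LINE = re.compile(
    r'src=(?P<src>\S+) method=(?P<method>\S+) uri=(?P<uri>\S+) body="(?P<body>[^"]*)"'
)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so that %3B and %253B both become ';'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (src, decoded sysCmd) for POSTs to the endpoint with shell metacharacters."""
    hits = []
    for line in lines:
        m = LINE.search(line)
        if not m or m["method"].upper() != "POST":
            continue
        path = fully_decode(m["uri"]).split("?", 1)[0].rstrip("/")
        if path != ENDPOINT:
            continue
        # Split the form body by hand so a raw ';' stays inside the value.
        for pair in m["body"].split("&"):
            key, _, raw = pair.partition("=")
            if fully_decode(key) == "sysCmd" and META.search(fully_decode(raw)):
                hits.append((m["src"], fully_decode(raw)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    'src=192.0.2.10 method=POST uri=/boaform/formSysCmd body="sysCmd=ping+-c+1+192.0.2.1"',
    'src=198.51.100.7 method=POST uri=/boaform/formSysCmd body="sysCmd=uptime%3Bid&apply=Apply"',
    'src=198.51.100.8 method=POST uri=/boaform/formSysCmd body="sysCmd=echo%2520%2524%2528id%2529"',
    'src=192.0.2.11 method=GET uri=/index.html body=""',
]

if __name__ == "__main__":
    for src, cmd in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {src} sysCmd={cmd!r}")
```

Requests to the endpoint without metacharacters are not flagged here, so pair this with a source-address review of every request that reaches /boaform/formSysCmd.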
