CVE-2026-7160 | Tenda HG3 2.0 /boaform/formTracert datasize command injection

April 26, 2026 Yanac

A vulnerability classified as critical was found in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection.

This vulnerability appears as CVE-2026-7160. The attack may be performed from remote. In addition, an exploit is available.VulDB Recent EntriesRead More

SecTor 2025 | Quantifying Cyber Risk as a National Defense Imperative
CVE-2026-7159 | douinc mkdocs-mcp-plugin up to 0.4.1 server.py read_document/list_documents docs_dir/file_path path traversal