Which versions of Tenda HG3 are affected by CVE-2026-7096?

CVE-2026-7096 is a command injection vulnerability in Tenda HG3 routers (v2.0 build 300003070) that permits authenticated administrators to execute arbitrary system commands with full router…

Is there a public PoC exploit available for CVE-2026-7096?

Yes, a public proof-of-concept exploit is available for CVE-2026-7096. Prioritise patching immediately. EPSS: 0.3%.

Tenda HG3 CVE-2026-7096

Q: What is the CVSS score of CVE-2026-7096?

CVE-2026-7096 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

EUVD-2026-25786 HIGH

OS Command Injection (CWE-78)

2026-04-27 VulDB

Command Injection Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 30, 2026 - 16:18 vuln.today

Public exploit code

Analysis Updated

Apr 27, 2026 - 08:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 27, 2026 - 08:22 vuln.today

cvss_changed

CVSS changed

Apr 27, 2026 - 08:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Apr 27, 2026 - 07:45 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 07:30 euvd

EUVD-2026-25786

Analysis Generated

Apr 27, 2026 - 07:30 vuln.today

CVE Published

Apr 27, 2026 - 06:45 nvd

HIGH 7.4

DescriptionNVD

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_loid results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

OS command injection in Tenda HG3 router version 2.0 (build 300003070) allows authenticated remote attackers to execute arbitrary system commands with router privileges via the fmgpon_loid parameter in the formgponConf administrative function. Public exploit code is available and confirmed usable for attacks per VulDB reporting, significantly lowering the skill barrier for exploitation despite requiring valid administrative credentials.

RemediationAI

Within 24 hours: Inventory all Tenda HG3 devices running version 2.0 build 300003070 and document administrative account holders. Within 7 days: Restrict administrative access to Tenda HG3 devices to named, monitored accounts; disable remote administration if not operationally required; enable logging of all administrative function calls. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7096 vulnerability details – vuln.today

Back

Tenda HG3 CVE-2026-7096

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda HG3 CVE-2026-7096

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code