CVE-2026-6988 exposes Tenda HG10 devices to remote buffer overflow attacks
CVE-2026-6988 affects Tenda HG10 devices running HG7_HG9_HG10re_300001138_en_xpon and can be triggered remotely through the Boa Service component. The flaw carries a CVSS 3.1 score of 8.8, and the published description says an exploit has already been released and may be used.
The issue sits in the formRoute function under /boaform/formRouting, where manipulation of the nextHop argument causes a buffer overflow. That places the vulnerability in the class of memory corruption bugs that can let an attacker push data past a buffer boundary and disrupt or control program behavior.
NVD published the record on 2026-04-25, and the available material ties the finding to the Boa Service path rather than to a broad firmware-wide failure. The source data also lists CWE-119 (improper restriction of operations within the bounds of a memory buffer) and CWE-120 (buffer copy without checking the size of the input), which points to unchecked copying of the nextHop value into a fixed-size buffer as the core weakness behind the flaw.
The vulnerable path sits inside Boa Service and the formRoute handler
The affected code path is specific enough to matter operationally: the formRoute function processes requests through /boaform/formRouting, then mishandles nextHop in a way that overruns memory. Because the attack is remote, an exposed device does not need local access before the malformed input reaches the vulnerable routine.
The record also shows that the issue applies to the HG7_HG9_HG10re_300001138_en_xpon firmware configuration and the HG10 hardware entry listed in the advisory data. That combination narrows the scope to a particular Tenda platform family rather than an abstract component name, which makes inventory checks essential for anyone managing the device line.
The published exploit raises the immediate exposure level
The most significant detail in the source material is that the exploit is described as published and usable. That moves the issue from a theoretical flaw to one that anyone with network reach to the device's Boa Service can attempt, using the same remote attack surface and the same nextHop input the advisory names.
The data available here does not confirm a patch status, affected-user count, or real-world compromise. It does confirm that the vulnerability was assigned a high severity score, that the attack vector is network-based, and that the vulnerable component accepts input in a way that can overflow a buffer.
Possible steps
- Verify whether any Tenda HG10 device runs HG7_HG9_HG10re_300001138_en_xpon.
- Review whether Boa Service is exposed on the network in your environment.
- Limit access to the /boaform/formRouting path to trusted sources only.
- Segment the network so affected devices are not broadly reachable.
- Monitor for requests to /boaform/formRouting that carry unusually long nextHop values or values that are not plain addresses.
- Watch for Boa Service crashes or restarts on the device, which are the usual visible sign of a failed overflow attempt.
- Track vendor and advisory updates for patch availability.
- Reduce exposure of remote management features where they are not required.
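The inventory and monitoring steps above can be scripted. What follows is an added example written for this page; it is not Tenda's code, not code from the advisory, and not an exploit. It assumes only what the advisory states (a request to /boaform/formRouting whose nextHop argument is overlong reaches the overflow in formRoute) plus one working assumption of its own: that a legitimate nextHop is an IPv4 address, so anything longer than a dotted quad or not parseable as one is worth flagging. The buffer size inside formRoute is not published, so the example does not rely on it. The function names, the captured requests and the firmware strings are all constructed for illustration.

```python
"""Triage helpers for the Tenda HG10 formRoute/nextHop issue (CVE-2026-6988).

Added example for this page, not Tenda's code and not an exploit. It checks
a device's reported firmware string against the affected build and inspects
captured HTTP requests (from a proxy, IDS or pcap) for /boaform/formRouting
calls whose nextHop argument is overlong or not an address.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

AFFECTED_FIRMWARE = {"HG7_HG9_HG10re_300001138_en_xpon"}
VULN_PATH = "/boaform/formRouting"
# Assumption: nextHop is meant to carry an IPv4 address. A dotted quad is at
# most 15 characters ("255.255.255.255"); the real buffer size in formRoute is
# not published, so this bound is about expected input, not the overflow point.
MAX_NEXTHOP_LEN = 15


def firmware_is_affected(version: str) -> bool:
    """True when a device's reported firmware string is the affected build."""
    return version.strip() in AFFECTED_FIRMWARE


def nexthop_is_suspicious(value: str) -> bool:
    """Flag any nextHop that is overlong or not a plain IPv4 literal."""
    if len(value) > MAX_NEXTHOP_LEN:
        return True
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return True
    return False


def parse_http_request(raw: bytes) -> dict:
    """Minimal parser for one captured HTTP/1.x request: line, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    return {"method": method, "target": target, "headers": headers,
            "body": body.decode("latin-1")}


def inspect_request(raw: bytes) -> dict:
    """Return a verdict for one captured request.

    Both the query string and a form-encoded body are examined, because the
    advisory names the argument, not the HTTP method used to deliver it.
    """
    req = parse_http_request(raw)
    parts = urlsplit(req["target"])
    verdict = {"path": parts.path, "targets_formrouting": False,
               "nexthop_len": None, "suspicious": False}
    if parts.path != VULN_PATH:
        return verdict
    verdict["targets_formrouting"] = True
    params = parse_qs(parts.query, keep_blank_values=True)
    if req["headers"].get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        for key, vals in parse_qs(req["body"], keep_blank_values=True).items():
            params.setdefault(key, []).extend(vals)
    for value in params.get("nextHop", []):
        verdict["nexthop_len"] = max(verdict["nexthop_len"] or 0, len(value))
        if nexthop_is_suspicious(value):
            verdict["suspicious"] = True
    return verdict


def triage(captures):
    """Return verdicts only for the captures that warrant attention."""
    return [v for v in (inspect_request(c) for c in captures) if v["suspicious"]]


# Constructed sample traffic, not real captures.
BENIGN = (b"POST /boaform/formRouting HTTP/1.1\r\nHost: 192.168.1.1\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"dest=10.0.0.0&mask=255.0.0.0&nextHop=192.168.1.254&submit=Add")
OVERLONG = (b"POST /boaform/formRouting HTTP/1.1\r\nHost: 192.168.1.1\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            b"dest=10.0.0.0&mask=255.0.0.0&nextHop=" + b"A" * 600 + b"&submit=Add")
OTHER = b"GET /boaform/formLogin?user=admin HTTP/1.1\r\nHost: 192.168.1.1\r\n\r\n"


if __name__ == "__main__":
    print("firmware affected:", firmware_is_affected("HG7_HG9_HG10re_300001138_en_xpon"))
    for verdict in triage([BENIGN, OVERLONG, OTHER]):
        print(verdict)
```

The same `nexthop_is_suspicious` rule can be lifted into a reverse proxy or WAF in front of the device to enforce the restriction in step three above, since a next hop that is not a short IPv4 literal has no legitimate reason to reach formRoute.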
Sources: nvd.nist.gov, cve.org, Tenable, GitHub Advisory Database, Feedly