### Vulnerability Overview - **Vulnerability ID**: #800859 - **Vulnerability Title**: Tenda HG3 N300 Wi-Fi xPON ONT HARD_VERSION=V2.0, Version: 300003070 Remote Code Execution - **Description**: This vulnerability exists in the Tenda HG3 IoT device. Due to the lack of parameter filtering, command injection occurs, allowing attackers to execute arbitrary code. ### Impact Scope - **Affected Device**: Tenda HG3 N300 Wi-Fi xPON ONT - **Affected Versions**: HARD_VERSION=V2.0, Version: 300003070 ### Remediation - **Submission Date**: April 9, 2026, 10:42 AM (118 days ago) - **Review Date**: April 26, 2026, 06:04 PM (17 days later) - **Status**: Accepted - **ValDB Entry**: 359719 [Tenda HG3 2.0 .boaform/form?countrystr countrystr OS command injection] ### Additional Information - **Source**: [https://www.notion.so/Tenda-HG3-1-33d0c7576a8908d8b38e9d090ec7ab](https://www.notion.so/Tenda-HG3-1-33d0c7576a8908d8b38e9d090ec7ab) - **User**: 2e00ne (UID 916821) - **Points**: 14 ### Community Content - **Community Content**: Submissions are completed by ValDB community users; ValDB is not responsible for the content or external links. - **Usage Advice**: Please use the provided information with caution, as it may contain malicious or harmful operations, code, or data. - **ValDB Entry**: Contains reviewed, verified, and standardized information. ### Documentation - **Submission Policy**: [Submission Policy](#) - **Data Processing**: [Data Processing](#) - **CVE Handling**: [CVE Handling](#) ### Copyright Information - **Copyright**: © 1997-2026 vuldb.com · cc by-nc-sa - **Languages**: de · es · fr · it · pt · zh · ja · ko · ru · ar · show more - **Currency**: Pool: US$204.5 ### Navigation Bar - **Home**: [Home](#) - **Entries**: [Entries](#) - **Products**: [Products](#) - **Risk**: [Risk](#) - **Threat**: [Threat](#) - **References**: [References](#) - **Search**: [Search](#) - **Support**: [Support](#) - **Login**: [Login](#) - **Community**: [Community](#) - **Add**: [Add](#) - **Policy**: [Policy](#) - **Support**: [Support](#) ### Footer - **Login/Signup**: [Login/Signup](#) - **Home/Submit**: [Home/Submit](#) ### Advertisement - **Predict KEV Entries**: [Want to know what is going to be exploited?](#) - **Click Here**: [Click here](#) ### Summary This is a remote code execution vulnerability present in the Tenda HG3 N300 Wi-Fi xPON ONT device, specifically in versions HARD_VERSION=V2.0 and Version: 300003070. Due to unfiltered parameters, attackers can execute arbitrary code. Users are advised to update their device firmware as soon as possible to patch this vulnerability.