A critical security vulnerability has been discovered in Tenda HG3 2.0 router firmware version 300003070. The flaw affects the formgponConf function in the /boaform/admin/formgponConf file, where manipulation of the fmgpon_loid argument leads to OS command injection. This vulnerability can be exploited remotely by attackers to execute arbitrary system commands on the affected device. The exploit code has been publicly released, significantly increasing the risk of active exploitation. Organizations using affected Tenda HG3 routers should immediately apply security updates or implement network-level protections to prevent remote exploitation of this command injection flaw.