Description

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Related CPE's

o

tenda

w6-s_firmware

1.0.0.4\(510\)

Vulnerable

h

tenda

w6-s

-

References

https://github.com/dwBruijn/CVEs/blob/main/Tenda/ate.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.338644

Permissions RequiredVDB Entry

https://vuldb.com/?id.338644

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.725499

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Product

Weaknesses

[email protected]

Primary
CWE-77CWE-78

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T15:15:44.237Z

2 weeks ago

Last modified

2026-01-02T20:20:05.950Z

1 week ago