PT-2025-54180 · Tenda · Tenda W6-S
Dwbruijn
·
Published
2025-12-30
·
Updated
2025-12-30
·
CVE-2025-15254
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tenda W6-S version 1.0.0.4(510)
Description
A flaw exists in the ATE Service component of Tenda W6-S version 1.0.0.4(510). Specifically, the
TendaAte function within the /goform/ate file is susceptible to os command injection through manipulation. This allows for remote execution of commands. The exploit for this issue has been publicly released.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tenda W6-S