Shodan
Vulnerabilities
Vulnerable Software
Tenda:  >> W6-S  Security Vulnerabilities
CVE-2025-15254
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.01
Published
2025-12-30
CVE-2025-15255
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-12-30
CVE-2025-28220
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-03-28
CVE-2025-28221
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-03-28
CVE-2022-45497
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVSS Score
9.8
EPSS Score
0.184
Published
2022-12-08
CVE-2022-45498
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS Score
7.5
EPSS Score
0.012
Published
2022-12-08
CVE-2022-45499
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
CVE-2022-45501
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
CVE-2022-45503
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
CVE-2022-45504
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS Score
7.5
EPSS Score
0.091
Published
2022-12-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved