Tenda: >> W6-S Firmware >> 1.0.0.4(510) Security Vulnerabilities
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.009
Published
2025-12-30
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-12-30
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-03-28
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-03-28
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVSS Score
9.8
EPSS Score
0.184
Published
2022-12-08
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS Score
7.5
EPSS Score
0.012
Published
2022-12-08
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-08
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS Score
7.5
EPSS Score
0.091
Published
2022-12-08
Page 1