CVE-2026-6024

HIGH

Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

Title source: cna

Description

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/356600

[Signature, Permissions Required] https://vuldb.com/vuln/356600/cti

[Third Party Advisory] https://vuldb.com/submit/791826

[Exploit] https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md

View Exploit ZIP pw:eip

[Product] https://www.tenda.com.cn/

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-22

Status published

Products (1)

Tenda/i6 1.0.0.7(2204)

Published Apr 10, 2026

Tracked Since Apr 10, 2026