CVE-2026-6024

Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

CVSS 6.9 MEDIUMEPSS 0.7%CWE-22

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

Tenda · i6

PoCs públicas encontradas — 1

cve_referencegithub.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.mdno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md https://vuldb.com/submit/791826 https://vuldb.com/vuln/356600 https://vuldb.com/vuln/356600/cti https://www.tenda.com.cn/