W6-S
by Tenda
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15254 | Med | 0.41 | 6.3 | 0.01 | Dec 30, 2025 | A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. | ||
| CVE-2022-45497 | 0.01 | — | 0.18 | Dec 8, 2022 | Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. | |||
| CVE-2022-45504 | 0.01 | — | 0.09 | Dec 8, 2022 | An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | |||
| CVE-2025-15255 | 0.00 | — | 0.01 | Dec 30, 2025 | A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||
| CVE-2025-28221 | 0.00 | — | 0.02 | Mar 28, 2025 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request. | |||
| CVE-2025-28220 | 0.00 | — | 0.03 | Mar 28, 2025 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request. | |||
| CVE-2022-45498 | 0.00 | — | 0.01 | Dec 8, 2022 | An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | |||
| CVE-2022-45501 | 0.00 | — | 0.00 | Dec 8, 2022 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. | |||
| CVE-2022-45503 | 0.00 | — | 0.00 | Dec 8, 2022 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. | |||
| CVE-2022-45499 | 0.00 | — | 0.00 | Dec 8, 2022 | Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. |
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
- CVE-2022-45497Dec 8, 2022risk 0.01cvss —epss 0.18
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
- CVE-2022-45504Dec 8, 2022risk 0.01cvss —epss 0.09
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
- CVE-2025-15255Dec 30, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
- CVE-2025-28221Mar 28, 2025risk 0.00cvss —epss 0.02
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
- CVE-2025-28220Mar 28, 2025risk 0.00cvss —epss 0.03
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
- CVE-2022-45498Dec 8, 2022risk 0.00cvss —epss 0.01
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
- CVE-2022-45501Dec 8, 2022risk 0.00cvss —epss 0.00
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
- CVE-2022-45503Dec 8, 2022risk 0.00cvss —epss 0.00
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
- CVE-2022-45499Dec 8, 2022risk 0.00cvss —epss 0.00
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.