CVE-2025-15254

EUVD-2025-205784
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
tendaw6-s_firmware
1.0.0.4\(510\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/dwBruijn/CVEs/blob/main/Tenda/ate.md
https://vuldb.com/?ctiid.338644
https://vuldb.com/?id.338644
https://vuldb.com/?submit.725499
https://www.tenda.com.cn/