CVE-2025-15255

EUVD-2025-205819
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulDBCNA
9.8 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
tendaw6-s_firmware
1.0.0.4\(510\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/dwBruijn/CVEs/blob/main/Tenda/R7WebsSecurityHandler.md
https://vuldb.com/?ctiid.338645
https://vuldb.com/?id.338645
https://vuldb.com/?submit.725500
https://www.tenda.com.cn/
https://github.com/dwBruijn/CVEs/blob/main/Tenda/R7WebsSecurityHandler.md