CVE-2025-15254
HIGH WAF: High
CVSS 8.8
Published: 2025-12-30
CWE-77 CWE-78
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tenda | w6-s_firmware | 1.0.0.4\(510\) |
References
- github.com (Exploit, Third Party Advisory)
- vuldb.com (Permissions Required, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- www.tenda.com.cn (Product)