CVE-2025-15254

CWE-77Command InjectionCWE-78OS Command InjectionCWE-119Buffer Overflow4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.9%
top 24.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda W6-sTenda W6-s Firmware
Timeline
PublishedDec 30

Description

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/w6-s1.0.0.4(510)
NVDtenda/w6-s_firmware1.0.0.4\(510\)

🔴Vulnerability Details

2
GHSA
GHSA-grrf-q8mm-c5x7: A vulnerability was found in Tenda W6-S 12025-12-30
CVEList
Tenda W6-S ATE Service ate TendaAte os command injection2025-12-30

📋Vendor Advisories

1
Microsoft
Undefined Behavior in bounded Crossbeam channel2020-10-13
CVE-2025-15254 (MEDIUM CVSS 5.3) | A vulnerability was found in Tenda | cvebase.io