Tenda W6-S vulnerabilities

CVE-2025-15255 [HIGH] CWE-119 CVE-2025-15255: A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the f A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-15254 [MEDIUM] CWE-77 CVE-2025-15254: A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.