Tenda W6-S Firmware vulnerabilities

CVE-2025-15255 [HIGH] CWE-119 CVE-2025-15255: A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the f A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-15254 [MEDIUM] CWE-77 CVE-2025-15254: A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVE-2025-28220 [HIGH] CWE-120 CVE-2025-28220: Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows rem Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.

CVE-2025-28221 [HIGH] CWE-120 CVE-2025-28221: Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which al Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.

CVE-2022-45497 [CRITICAL] CWE-78 CVE-2022-45497: Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.

CVE-2022-45498 [HIGH] CWE-306 CVE-2022-45498: An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

CVE-2022-45503 [HIGH] CWE-787 CVE-2022-45503: Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /gof Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.

CVE-2022-45501 [HIGH] CWE-787 CVE-2022-45501: Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /g Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.

CVE-2022-45504 [HIGH] CWE-306 CVE-2022-45504: An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(5 An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

CVE-2022-45499 [HIGH] CWE-787 CVE-2022-45499: Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /g Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.