Tenda W6-S ATE Service ate TendaAte os command injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-15254

Source VulDB

Published Dec 30, 2025 at 15:32

Modified Dec 30, 2025 at 15:35

Affected Product

Vendor Tenda

Product W6-S

Version 1.0.0.4(510)

Affected Versions Tenda W6-S 1.0.0.4(510)

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.",
    "published": "2025-12-30T15:32:07.822Z",
    "modified": "2025-12-30T15:35:22.187Z",
    "type": "cve",
    "title": "Tenda W6-S ATE Service ate TendaAte os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.338644\nhttps://vuldb.com/?ctiid.338644\nhttps://vuldb.com/?submit.725499\nhttps://github.com/dwBruijn/CVEs/blob/main/Tenda/ate.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2025-15254",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Tenda W6-S 1.0.0.4(510)",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "W6-S",
    "version": "1.0.0.4(510)",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Tenda W6-S ATE Service ate TendaAte os command injection_CVE-2025-15254