Tenda i3 HTTP R7WebsSecurityHandler path traversal_CVE-2026-5841

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Basic Information

ID CVE-2026-5841

Source VulDB

Published Apr 9, 2026 at 04:15

Modified Apr 9, 2026 at 13:27

Affected Product

Vendor Tenda

Product i3

Version 1.0.0.6(2204)

Affected Versions Tenda i3 1.0.0.6(2204)

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-04-09T04:15:19.245Z",
    "modified": "2026-04-09T13:27:56.313Z",
    "type": "cve",
    "title": "Tenda i3 HTTP R7WebsSecurityHandler path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356297\nhttps://vuldb.com/vuln/356297/cti\nhttps://vuldb.com/submit/789935\nhttps://github.com/MrXiaoFan/TendaVul/tree/main/tenda-i3-V1.0.0.6(2204)-R7WebsSecurityHandler-Authentication%20Bypass%20Issues\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-5841",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Tenda i3 1.0.0.6(2204)",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "i3",
    "version": "1.0.0.6(2204)",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}