CVE-2026-6024

HIGH

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS v3.1 Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Published: 4/10/2026Modified: 4/30/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (5)

https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.mdExploitThird Party Advisory https://vuldb.com/submit/791826Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356600Third Party AdvisoryVDB Entry https://vuldb.com/vuln/356600/ctiPermissions RequiredVDB Entry https://www.tenda.com.cn/Product