Plattform
tenda
Komponente
tenda
Behoben in
1.0.1
CVE-2026-6024 describes a Path Traversal vulnerability discovered in the Tenda i6 router. This flaw allows attackers to potentially access sensitive files and directories on the device, leading to unauthorized data exposure or system compromise. The vulnerability affects versions 1.0.0 through 1.0.0.7(2204) of the Tenda i6. A patch is expected from the vendor.
The Path Traversal vulnerability in Tenda i6 allows an attacker to bypass access controls and retrieve arbitrary files from the router's file system. This could include configuration files containing sensitive credentials, firmware images, or other proprietary data. Successful exploitation could lead to complete compromise of the router, enabling the attacker to modify settings, intercept network traffic, or use the device as a launchpad for further attacks on the internal network. The publicly disclosed nature of this vulnerability increases the risk of exploitation.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The exploit is considered relatively straightforward, potentially making it accessible to a wide range of attackers. No KEV listing or active exploitation campaigns are currently known, but the public disclosure warrants immediate attention and mitigation efforts. The vulnerability was published on 2026-04-10.
Home users and small businesses relying on Tenda i6 routers are at risk. Those with exposed routers on the public internet are particularly vulnerable. Users who have not updated their router firmware regularly are also at increased risk.
• linux / server:
journalctl -u tenda_i6 | grep -i "path traversal"• generic web:
curl -I http://<router_ip>/../../../../etc/passwd• generic web:
grep -r "R7WebsSecurityHandlerfunction" /var/log/nginx/access.logdisclosure
Exploit-Status
EPSS
0.06% (19% Perzentil)
CISA SSVC
CVSS-Vektor
While a vendor patch is pending, several mitigation steps can be taken to reduce the risk. Implement a Web Application Firewall (WAF) with rules to restrict access to sensitive files and directories, specifically blocking requests containing path traversal sequences (e.g., '../'). Review and harden router configurations, ensuring strong passwords and disabling unnecessary services. Monitor router logs for suspicious activity, particularly attempts to access unusual file paths. Consider temporarily restricting access to the router's web interface from untrusted networks.
Actualice el firmware de su dispositivo Tenda i6 a una versión corregida. Consulte el sitio web oficial de Tenda o la documentación del producto para obtener instrucciones y la última versión del firmware.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-6024 is a Path Traversal vulnerability affecting Tenda i6 routers, allowing attackers to potentially access sensitive files remotely. It has a CVSS score of 7.3 (HIGH).
You are affected if you are using a Tenda i6 router running versions 1.0.0 through 1.0.0.7(2204).
Upgrade your Tenda i6 router to a patched firmware version. Check the Tenda website for updates. If no patch is available, implement temporary workarounds like firewall restrictions.
Due to the public disclosure, it is highly probable that CVE-2026-6024 is being actively targeted by attackers.
Refer to the Tenda website or security advisory pages for the latest information and firmware updates regarding CVE-2026-6024.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.