Platform
tenda
Component
tenda
Fixed in
1.0.1
CVE-2026-6024 describes a Path Traversal vulnerability identified in the Tenda i6 router, specifically within the R7WebsSecurityHandlerfunction of the HTTP Handler component. This flaw allows attackers to potentially access sensitive files and directories on the device remotely. The vulnerability impacts versions 1.0.0 through 1.0.0.7(2204) of the Tenda i6. Public disclosure of this vulnerability has occurred, increasing the risk of exploitation.
Successful exploitation of CVE-2026-6024 allows an attacker to bypass access controls and read arbitrary files on the Tenda i6 router. This could include configuration files, firmware images, or other sensitive data. Depending on the contents of these files, an attacker could gain valuable information about the network, potentially leading to further attacks. While the description doesn't specify direct command execution, the ability to read configuration files could reveal credentials or other information that could be used to compromise the device or the network it's connected to. The public disclosure of this vulnerability significantly increases the likelihood of exploitation attempts.
CVE-2026-6024 has been publicly disclosed, indicating a higher probability of exploitation. The vulnerability is present in a widely used router, increasing the potential attack surface. No KEV listing or EPSS score is currently available. Public proof-of-concept exploits are likely to emerge given the public disclosure and the ease of exploiting path traversal vulnerabilities.
Exploit Status
EPSS
0.06% (19% percentile)
CISA SSVC
The primary mitigation for CVE-2026-6024 is to upgrade the Tenda i6 router to a patched firmware version. Unfortunately, a specific fixed version is not provided in the CVE details. Until a patch is available, consider implementing temporary workarounds such as restricting network access to the router using a firewall, and disabling any unnecessary services or features. Monitor router logs for suspicious activity, particularly attempts to access unusual file paths. After applying any available firmware update, verify the fix by attempting to access a restricted file via the vulnerable endpoint and confirming that access is denied.
Actualice el firmware de su dispositivo Tenda i6 a una versión corregida. Consulte el sitio web oficial de Tenda o la documentación del producto para obtener instrucciones y la última versión del firmware.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6024 is a Path Traversal vulnerability affecting Tenda i6 routers, allowing attackers to potentially access sensitive files remotely. It has a CVSS score of 7.3 (HIGH).
You are affected if you are using a Tenda i6 router running versions 1.0.0 through 1.0.0.7(2204).
Upgrade your Tenda i6 router to a patched firmware version. Check the Tenda website for updates. If no patch is available, implement temporary workarounds like firewall restrictions.
Due to the public disclosure, it is highly probable that CVE-2026-6024 is being actively targeted by attackers.
Refer to the Tenda website or security advisory pages for the latest information and firmware updates regarding CVE-2026-6024.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.