ID

VAR-202604-2239


CVE

CVE-2026-6024


TITLE

Shenzhen Tenda Technology Co.,Ltd. of i6  Path traversal vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781

DESCRIPTION

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-6024 // JVNDB: JVNDB-2026-013781

AFFECTED PRODUCTS

vendor:tendamodel:i6scope:eqversion:1.0.0.7\(2204\)

Trust: 1.0

vendor:tendamodel:i6scope: - version: -

Trust: 0.8

vendor:tendamodel:i6scope:eqversion: -

Trust: 0.8

vendor:tendamodel:i6scope:eqversion:i6 firmware 1.0.0.7¥(2204¥)

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781 // NVD: CVE-2026-6024

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-6024
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-6024
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2026-013781
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-6024
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-013781
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-6024
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-6024
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2026-013781
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781 // NVD: CVE-2026-6024 // NVD: CVE-2026-6024

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781 // NVD: CVE-2026-6024

PATCH

title://vuldb.com/vuln/356600url:https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781

EXTERNAL IDS

db:NVDid:CVE-2026-6024

Trust: 2.6

db:JVNDBid:JVNDB-2026-013781

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781 // NVD: CVE-2026-6024

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/vuln/356600/cti

Trust: 1.0

url:https://vuldb.com/vuln/356600

Trust: 1.0

url:https://vuldb.com/submit/791826

Trust: 1.0

url:https://github.com/litengzheng/vuldb_new/blob/main/m3/vul_84/readme.md

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-6024

Trust: 0.8

sources: JVNDB: JVNDB-2026-013781 // NVD: CVE-2026-6024

SOURCES

db:JVNDBid:JVNDB-2026-013781
db:NVDid:CVE-2026-6024

LAST UPDATE DATE

2026-06-19T22:32:57.406000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013781date:2026-05-01T01:42:00
db:NVDid:CVE-2026-6024date:2026-04-30T13:54:19.950

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013781date:2026-05-01T00:00:00
db:NVDid:CVE-2026-6024date:2026-04-10T06:16:06.993