CVE-2026-6024

HIGH 7.3

Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

CVSS Score

7.3

EPSS Score

0.1%

EPSS Percentile

19th

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CWE	CWE-22
Vendor	tenda
Product	i6
Published	Apr 10, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for tenda i6

Be the first to know when new high vulnerabilities affecting tenda i6 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Tenda / i6

1.0.0.7(2204)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/356600 vuldb.com: https://vuldb.com/vuln/356600/cti vuldb.com: https://vuldb.com/submit/791826 github.com: https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md tenda.com.cn: https://www.tenda.com.cn/

Credits

🔍 LtzHuster2 (VulDB User)