Which versions of Tenda are affected by CVE-2026-6024?

CVE-2026-6024 is a critical path traversal vulnerability in Tenda i6 routers that enables unauthenticated remote attackers to read, write, or delete arbitrary files on affected devices.

Is there a public PoC exploit available for CVE-2026-6024?

Yes, a public proof-of-concept exploit is available for CVE-2026-6024. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-6024?

Within 24 hours: Inventory all Tenda i6 routers in production and identify devices running firmware 1.0.0.7(2204). Within 7 days: Isolate affected routers from untrusted networks or implement network segmentation limiting external access to administrative interfaces. Within 30 days: Monitor Tenda vendor advisories for firmware patches; if available, upgrade all vulnerable devices to patched firmware versions immediately upon release. Concurrently, evaluate replacement of Tenda i6 routers with alternative vendors offering active security support.

Tenda CVE-2026-6024

Q: What is the CVSS score of CVE-2026-6024?

CVE-2026-6024 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-21313 MEDIUM

Path Traversal (CWE-22)

2026-04-10 VulDB

GHSA-5v5f-c63q-mm7g

Path Traversal Tenda

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 10, 2026 - 06:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 10, 2026 - 05:45 euvd

EUVD-2026-21313

Analysis Generated

Apr 10, 2026 - 05:45 vuln.today

CVE Published

Apr 10, 2026 - 05:15 nvd

MEDIUM 6.9

DescriptionNVD

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Path traversal in Tenda i6 router firmware 1.0.0.7(2204) allows unauthenticated remote attackers to read, write, or delete arbitrary files via malicious HTTP requests to the R7WebsSecurityHandlerfunction component. CVSS 7.3 (High) reflects network-accessible exploitation without authentication. …

RemediationAI

Within 24 hours: Inventory all Tenda i6 routers in production and identify devices running firmware 1.0.0.7(2204). Within 7 days: Isolate affected routers from untrusted networks or implement network segmentation limiting external access to administrative interfaces. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6024 vulnerability details – vuln.today

Back

Tenda CVE-2026-6024

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-6024

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code