CVE-2025-15254
OS Command Injection in Tenda W6-S ATE Service (Remote Exploit
Publication date: 2025-12-30
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | w6-s | 1.0.0.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Tenda W6-S router firmware version 1.0.0.4(510) is running and if the 'ate' service is enabled and listening on UDP port 7329. You can scan your network for devices with UDP port 7329 open. Additionally, monitoring HTTP requests to the endpoint /goform/ate for attempts to enable the 'ate' service remotely can help detect exploitation attempts. A specific detection command could be to use a network scanner like nmap to check UDP port 7329: `nmap -sU -p 7329 <target-ip>`. Also, inspecting logs for HTTP POST requests to /goform/ate may indicate attempts to enable the vulnerable service. [2]
Can you explain this vulnerability to me?
This vulnerability exists in the Tenda W6-S 1.0.0.4(510) device, specifically in the TendaAte function of the /goform/ate component of the ATE Service. It allows an attacker to perform OS command injection by manipulating this function, potentially remotely. This means an attacker could execute arbitrary operating system commands on the device.
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to execute arbitrary OS commands on the affected device, which could lead to unauthorized control, data compromise, disruption of service, or further attacks within the network where the device is deployed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or blocking access to the 'ate' service on UDP port 7329 to prevent remote exploitation. Restrict network access to the device, especially blocking UDP port 7329 at the firewall. Since no known countermeasures or patches exist, it is recommended to replace the affected Tenda W6-S router with an alternative device or firmware version that is not vulnerable. Monitoring for exploitation attempts and isolating the device from untrusted networks can also reduce risk. [3, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.