जमा करें #791826: Tenda i6 V1.0.0.7(2204) Path Traversalजानकारी

शीर्षकTenda i6 V1.0.0.7(2204) Path Traversal
विवरणA critical authentication bypass vulnerability exists in the Tenda i6 router, specifically within the R7WebsSecurityHandlerfunction of the V1.0.0.7(2204) firmware. This function acts as a security gatekeeper for all incoming HTTP requests. Its primary mechanism is a URL prefix whitelist (e.g., /public/, /lang/) meant to grant unauthenticated access to static resources. The function uses strncmp to check if the request URL begins with these trusted prefixes: e.g., if ( !strncmp(s1, "/public/", 8u) ... return 0;.However, the application fails to validate or canonicalize the subsequent part of the URL. An unauthenticated remote attacker can send a crafted HTTP request that starts with a whitelisted prefix but employs directory traversal sequences (../) to escape the restricted directory.For example, a request to /public/../system_upgrade.asp will satisfy the strncmp check (bypassing authentication) but will be resolved by the web server to the sensitive system_upgrade.asp page, granting full administrative access.
स्रोत⚠️ https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_84/README.md
उपयोगकर्ता LtzHuster2 (UID 96397)
सबमिशन28/03/2026 09:22 AM (4 महीनों पहले)
संयम09/04/2026 05:51 PM (12 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि356600 [Tenda i6 1.0.0.7(2204) HTTP R7WebsSecurityHandlerfunction निर्देशिका ट्रैवर्सल]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!