Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-7036

7.3 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 3 weeks, 6 days ago by @LeSuisse Activity log

Created suggestion 4 weeks ago
@LeSuisse dismissed (not in Nixpkgs) 3 weeks, 6 days ago

Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

References

VDB-359616 | Tenda i9 HTTP R7WebsSecurityHandlerfunction path traversal vdb-entrytechnical-description
VDB-359616 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #798479 | Tenda i9 V1.0.0.5(2204) Absolute Path Traversal third-party-advisory
https://github.com/Litengzheng/vuldb_new/blob/main/M3/vul_80/README.md exploit
https://www.tenda.com.cn/ product

Affected products

==1.0.0.5(2204)

Matching in nixpkgs

pkgs.tests.fetchpatch.hunks

None

nixos-25.11 g14i9w095qp8
- nixos-25.11-small g14i9w095qp8
- nixpkgs-25.11-darwin g14i9w095qp8

pkgs.tests.fetchpatch.relative