CVE-2025-46629

Published May 1, 2025

Last updated a month ago

CVSS medium 6.5

Overview

Description: Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6C6559F-BD91-44DF-BA9E-2F55C714009C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E95CB932-CDB6-4E44-A868-5DEEAD982F7C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References