Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46629

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet

Published

2025-05-01T20:15:38.660

Last Modified

2025-05-27T14:24:23.877

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	rx2_pro_firmware	16.03.30.14	Yes
Hardware	tenda	rx2_pro	-	No

References

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46629-lack-of-authentication-in-ate Third Party Advisory, Exploit ([email protected])
https://www.tendacn.com/us/default.html Product ([email protected])