PT-2025-18702 · Tenda · Tenda Rx2 Pro
Published: 2025-05-01 · Updated: 2025-05-27
CVE-2025-46628
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Tenda RX2 Pro version 16.03.30.14
Description
The 'ate' management service lacks input validation and sanitization. When the service is enabled, an unauthorized remote attacker can gain root shell access to the device by sending a crafted UDP packet to the 'ate' service. No authentication is required for this exploit.
Recommendations
For Tenda RX2 Pro version 16.03.30.14, consider disabling the 'ate' management service until a patch is available, so that it cannot be used for unauthorized access. Restrict access to the 'ate' service to minimize the risk of exploitation.
Exploit
Fix
RCE
Improper Access Control
Affected Products
Tenda Rx2 Pro