CVE-2025-46635

Name of the Vulnerable Software and Affected Versions Tenda RX2 Pro version 16.03.30.14

Description An issue was discovered that allows an attacker, who is authenticated to the guest Wi-Fi network, to access resources on the router and/or resources and devices on other networks hosted by the router. This is possible due to improper network isolation between the guest Wi-Fi network and other network interfaces on the router, which can be exploited by configuring a static IP address within the non-guest subnet on the attacker's host.

Recommendations For Tenda RX2 Pro version 16.03.30.14, as a temporary workaround, consider restricting access to the router's network interfaces to minimize the risk of exploitation. Additionally, avoid using static IP addresses within the non-guest subnet on devices connected to the guest Wi-Fi network until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.