Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/03 1:36 a.m.22 views

CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...

8.8CVSS8.1AI score0.0083EPSS
Exploits0References1
Circl
Circl
added 2025/05/01 10:1 p.m.20 views

CVE-2025-46625

creationtimestamp| type| source ---|---|--- 2025-05-01 22:01:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo5cpttur72p 2025-05-01 23:12:36+00:00| seen| https://t.me/cvedetector/24268 2025-05-02 14:15:54+00:00| published-proof-of-concept|...

8.8CVSS4.8AI score0.0083EPSS
Exploits0References3
NVD
NVD
added 2025/05/01 8:15 p.m.27 views

CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...

8.8CVSS0.0083EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.9 views

CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...

8AI score0.0083EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 12:0 a.m.32 views

CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...

0.0083EPSS
Exploits0References2
CVE
CVE
added 2025/05/01 12:0 a.m.69 views

CVE-2025-46625

The CVE concerns the Tenda RX2 Pro (firmware 16.03.30.14) where lack of input validation/sanitization in the httpd setLanCfg API enables an authorized attacker to achieve root shell access via a crafted request. The vulnerability is persisted because the command injection is saved in the device c...

8.8CVSS7.5AI score0.0083EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder