6 matches found
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
creationtimestamp| type| source ---|---|--- 2025-05-01 22:01:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo5cpttur72p 2025-05-01 23:12:36+00:00| seen| https://t.me/cvedetector/24268 2025-05-02 14:15:54+00:00| published-proof-of-concept|...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
The CVE concerns the Tenda RX2 Pro (firmware 16.03.30.14) where lack of input validation/sanitization in the httpd setLanCfg API enables an authorized attacker to achieve root shell access via a crafted request. The vulnerability is persisted because the command injection is saved in the device c...