Rx2 Pro Firmware Security Vulnerabilities and Issues — Rx2 Pro Firmware CVE List

Lucene search

TendaRx2 Pro Firmware

11 matches found

CVE•added 2025/05/01 8:15 p.m.•55 views

CVE-2025-46628

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed.

7.3CVSS6.9AI score0.00413EPSS

CVE•added 2025/05/01 8:15 p.m.•49 views

CVE-2025-46633

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response ...

8.2CVSS6.5AI score0.0005EPSS

CVE•added 2025/05/01 8:15 p.m.•48 views

CVE-2025-46625

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command i...

8.8CVSS7.5AI score0.00522EPSS

CVE•added 2025/05/01 8:15 p.m.•48 views

CVE-2025-46631

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request.

6.5CVSS7.1AI score0.00098EPSS

CVE•added 2025/05/01 8:15 p.m.•48 views

CVE-2025-46635

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other ne...

7.1CVSS6.8AI score0.00042EPSS

CVE•added 2025/05/01 8:15 p.m.•47 views

CVE-2025-46634

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after t...

8.2CVSS6.5AI score0.0002EPSS

CVE•added 2025/05/01 8:15 p.m.•46 views

CVE-2025-46626

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.

7.3CVSS6.6AI score0.0003EPSS

CVE•added 2025/05/01 8:15 p.m.•46 views

CVE-2025-46627

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.

8.2CVSS7.3AI score0.00076EPSS

CVE•added 2025/05/01 8:15 p.m.•46 views

CVE-2025-46629

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet

6.5CVSS7.1AI score0.00069EPSS

CVE•added 2025/05/01 8:15 p.m.•44 views

CVE-2025-46630

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request.

6.5CVSS6.8AI score0.00071EPSS

CVE•added 2025/05/01 8:15 p.m.•44 views

CVE-2025-46632

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.

6.5CVSS6.4AI score0.00053EPSS