CVE-2025-46629

CWE-284Improper Access Control3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 58.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda RX2 PRO Firmware
Timeline
PublishedMay 1
Latest updateMay 2

Description

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDtenda/rx2_pro_firmware16.03.30.14

🔴Vulnerability Details

2
GHSA
GHSA-f57c-fm3p-ggmf: Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 162025-05-02
CVEList
CVE-2025-46629: Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 162025-05-01
CVE-2025-46629 (MEDIUM CVSS 6.5) | Lack of access controls in the 'ate | cvebase.io