CVE-2025-46635 — Improper Access Control in RX2 PRO Firmware

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 54.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda RX2 PRO Firmware

Timeline

PublishedMay 1

Latest updateMay 2

Description

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages1 packages

▶NVDtenda/rx2_pro_firmware16.03.30.14

🔴Vulnerability Details

GHSA

GHSA-qmqc-h5gj-qcf5: An issue was discovered on Tenda RX2 Pro 16↗2025-05-02

▶

CVEList

CVE-2025-46635: An issue was discovered on Tenda RX2 Pro 16↗2025-05-01

▶