ID

VAR-202505-0400


CVE

CVE-2025-46625


TITLE

Command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. RX2 Pro firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005739

DESCRIPTION

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device. The RX2 Pro firmware from Shenzhen Tenda Technology Co.,Ltd. contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro has an input validation error vulnerability, which stems from the lack of input validation in the setLanCfg API endpoint. Attackers can exploit this vulnerability to gain root shell access.

Trust: 2.16

sources: NVD: CVE-2025-46625 // JVNDB: JVNDB-2025-005739 // CNVD: CNVD-2025-09930

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09930

AFFECTED PRODUCTS

vendor: tenda, model: rx2 pro, scope: eq, version: 16.03.30.14

Trust: 1.6

vendor: tenda, model: rx2 pro, scope: eq, version: rx2 pro firmware 16.03.30.14

Trust: 0.8

vendor: tenda, model: rx2 pro, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: rx2 pro, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-09930 // JVNDB: JVNDB-2025-005739 // NVD: CVE-2025-46625

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-46625
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-005739
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-09930
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-09930
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-46625
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-005739
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09930 // JVNDB: JVNDB-2025-005739 // NVD: CVE-2025-46625

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005739 // NVD: CVE-2025-46625

PATCH

title: Patch for Tenda RX2 Pro setLanCfg API endpoint input validation error vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/688156

Trust: 0.6

sources: CNVD: CNVD-2025-09930

EXTERNAL IDS

db: NVD, id: CVE-2025-46625

Trust: 3.2

db: JVNDB, id: JVNDB-2025-005739

Trust: 0.8

db: CNVD, id: CNVD-2025-09930

Trust: 0.6

sources: CNVD: CNVD-2025-09930 // JVNDB: JVNDB-2025-005739 // NVD: CVE-2025-46625

REFERENCES

url: https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/readme?id=cve-2025-46625-command-injection-through-setlancfg-in-httpd

Trust: 1.8

url: https://www.tendacn.com/us/default.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-46625

Trust: 1.4

sources: CNVD: CNVD-2025-09930 // JVNDB: JVNDB-2025-005739 // NVD: CVE-2025-46625

SOURCES

db: CNVD, id: CNVD-2025-09930
db: JVNDB, id: JVNDB-2025-005739
db: NVD, id: CVE-2025-46625

LAST UPDATE DATE

2025-05-29T23:44:26.085000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09930, date: 2025-05-16T00:00:00
db: JVNDB, id: JVNDB-2025-005739, date: 2025-05-28T04:48:00
db: NVD, id: CVE-2025-46625, date: 2025-05-27T14:22:39.907

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09930, date: 2025-05-15T00:00:00
db: JVNDB, id: JVNDB-2025-005739, date: 2025-05-28T00:00:00
db: NVD, id: CVE-2025-46625, date: 2025-05-01T20:15:38.037