Details of VAR-202505-1362

ID

VAR-202505-1362

CVE

CVE-2025-46635

TITLE

Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Access control vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-005817

DESCRIPTION

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host. Shenzhen Tenda Technology Co.,Ltd. of RX2 Pro Firmware contains an access control vulnerability.Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Tenda RX2 Pro 16.03.30.14 version has a security bypass vulnerability that can be exploited by attackers to access routers and other network resources

Trust: 2.16

sources: NVD: CVE-2025-46635 // JVNDB: JVNDB-2025-005817 // CNVD: CNVD-2025-13837

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13837

AFFECTED PRODUCTS

vendor:	tenda	model:	rx2 pro	scope:	eq	version:	16.03.30.14	Trust: 1.6
vendor:	tenda	model:	rx2 pro	scope:	eq	version:	rx2 pro firmware 16.03.30.14	Trust: 0.8
vendor:	tenda	model:	rx2 pro	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	rx2 pro	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-13837 // JVNDB: JVNDB-2025-005817 // NVD: CVE-2025-46635

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-46635
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-005817
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-13837
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-13837
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:S/C:C/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-46635
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-005817
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-13837 // JVNDB: JVNDB-2025-005817 // NVD: CVE-2025-46635

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-005817 // NVD: CVE-2025-46635

PATCH

title:

Patch for Tenda RX2 Pro Security Bypass Vulnerability (CNVD-2025-13837)

url:

https://www.cnvd.org.cn/patchInfo/show/702391

Trust: 0.6

sources: CNVD: CNVD-2025-13837

EXTERNAL IDS

db:	NVD	id:	CVE-2025-46635	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-005817	Trust: 0.8
db:	CNVD	id:	CNVD-2025-13837	Trust: 0.6

sources: CNVD: CNVD-2025-13837 // JVNDB: JVNDB-2025-005817 // NVD: CVE-2025-46635

REFERENCES

url:	https://blog.uturn.dev/#/writeups/iot-village/tenda-w18e/readme?id=cve-2024-46435-delfacebookpic-stack-overflow	Trust: 1.8
url:	https://www.tendacn.com/us/default.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-46635	Trust: 1.4

sources: CNVD: CNVD-2025-13837 // JVNDB: JVNDB-2025-005817 // NVD: CVE-2025-46635

SOURCES

db:	CNVD	id:	CNVD-2025-13837
db:	JVNDB	id:	JVNDB-2025-005817
db:	NVD	id:	CVE-2025-46635

LAST UPDATE DATE

2025-06-27T23:15:32.264000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-13837	date:	2025-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2025-005817	date:	2025-05-29T01:21:00
db:	NVD	id:	CVE-2025-46635	date:	2025-05-27T14:18:12.740

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-13837	date:	2025-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2025-005817	date:	2025-05-29T00:00:00
db:	NVD	id:	CVE-2025-46635	date:	2025-05-01T20:15:39.600