ID

VAR-202505-1506


CVE

CVE-2025-46628


TITLE

Shenzhen Tenda Technology Co.,Ltd. RX2 Pro firmware access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-005767

DESCRIPTION

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed. The RX2 Pro firmware from Shenzhen Tenda Technology Co.,Ltd. contains an access control vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. No detailed vulnerability details are currently provided.

Trust: 2.16

sources: NVD: CVE-2025-46628 // JVNDB: JVNDB-2025-005767 // CNVD: CNVD-2025-09929

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-09929

AFFECTED PRODUCTS

vendor: tenda, model: rx2 pro, scope: eq, version: 16.03.30.14

Trust: 1.6

vendor: tenda, model: rx2 pro, scope: eq, version: rx2 pro firmware 16.03.30.14

Trust: 0.8

vendor: tenda, model: rx2 pro, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: rx2 pro, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-09929 // JVNDB: JVNDB-2025-005767 // NVD: CVE-2025-46628

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-46628
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-005767
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-09929
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-09929
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-46628
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-005767
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-09929 // JVNDB: JVNDB-2025-005767 // NVD: CVE-2025-46628

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005767 // NVD: CVE-2025-46628

PATCH

title: Patch for Tenda RX2 Pro ate management service input validation error vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/688151

Trust: 0.6

sources: CNVD: CNVD-2025-09929

EXTERNAL IDS

db: NVD, id: CVE-2025-46628

Trust: 3.2

db: JVNDB, id: JVNDB-2025-005767

Trust: 0.8

db: CNVD, id: CNVD-2025-09929

Trust: 0.6

sources: CNVD: CNVD-2025-09929 // JVNDB: JVNDB-2025-005767 // NVD: CVE-2025-46628

REFERENCES

url:https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/readme?id=cve-2025-46628-command-injection-through-ifconfig-command-in-ate

Trust: 1.8

url:https://www.tendacn.com/us/default.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-46628

Trust: 1.4

sources: CNVD: CNVD-2025-09929 // JVNDB: JVNDB-2025-005767 // NVD: CVE-2025-46628

SOURCES

db: CNVD, id: CNVD-2025-09929
db: JVNDB, id: JVNDB-2025-005767
db: NVD, id: CVE-2025-46628

LAST UPDATE DATE

2025-05-29T23:41:52.125000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-09929, date: 2025-05-16T00:00:00
db: JVNDB, id: JVNDB-2025-005767, date: 2025-05-28T05:47:00
db: NVD, id: CVE-2025-46628, date: 2025-05-27T14:24:08.060

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-09929, date: 2025-05-15T00:00:00
db: JVNDB, id: JVNDB-2025-005767, date: 2025-05-28T00:00:00
db: NVD, id: CVE-2025-46628, date: 2025-05-01T20:15:38.510