Vulnerability Details CVE-2025-46628
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.3%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2025-46628
-
cpe:2.3:h:tenda:rx2_pro:-
-
cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14