CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-46630

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.8%

CVSS Severity

CVSS v3 Score 6.5

References

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46630-enable-ate-unauthenticated-through-httpd
https://www.tendacn.com/us/default.html

Products affected by CVE-2025-46630

Tenda » Rx2 Pro » Version: N/A

cpe:2.3:h:tenda:rx2_pro:-
Tenda » Rx2 Pro Firmware » Version: 16.03.30.14

cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46630

Products

Pricing

Contact Us