Vulnerabilities

CVE-2025-46628

by Fred · 01/05/2025

Lack of input validation/sanitization in the ‘ate’ management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the ‘ate’ service when it is enabled. Authentication is not needed.

More information : https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46628-command-injection-through-ifconfig-command-in-ate

Similar

Tags: Cybersecurity Alert