CVE-2025-46625

{"id": "CVE-2025-46625", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-05-01T20:15:38.037", "references": [{"url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46625-command-injection-through-setlancfg-in-httpd", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.tendacn.com/us/default.html", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device."}, {"lang": "es", "value": "La falta de validaci\u00f3n/depuraci\u00f3n de entrada en el endpoint de la API 'setLanCfg' en httpd en Tenda RX2 Pro 16.03.30.14 permite que un atacante remoto autorizado al portal de administraci\u00f3n web obtenga acceso root al dispositivo mediante una solicitud web manipulada. Esto es persistente porque la inyecci\u00f3n de comandos se guarda en la configuraci\u00f3n del dispositivo."}], "lastModified": "2025-05-27T14:22:39.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C6559F-BD91-44DF-BA9E-2F55C714009C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E95CB932-CDB6-4E44-A868-5DEEAD982F7C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}