CVE-2025-46630

{"id": "CVE-2025-46630", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-05-01T20:15:38.803", "references": [{"url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46630-enable-ate-unauthenticated-through-httpd", "tags": ["Third Party Advisory", "Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.tendacn.com/us/default.html", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request."}, {"lang": "es", "value": "Los controles de acceso inadecuados en el portal de administraci\u00f3n web de Tenda RX2 Pro 16.03.30.14 permiten que un atacante remoto no autenticado habilite 'ate' (un binario de administraci\u00f3n del sistema remoto) enviando una solicitud web /goform/ate."}], "lastModified": "2025-05-27T14:24:30.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C6559F-BD91-44DF-BA9E-2F55C714009C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E95CB932-CDB6-4E44-A868-5DEEAD982F7C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}