High severity8.8NVD Advisory· Published May 1, 2025· Updated Jun 17, 2026
CVE-2025-46625
CVE-2025-46625
Description
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- blog.uturn.devnvdThird Party Advisory
- www.tendacn.com/us/default.htmlnvdProduct
News mentions
0No linked articles in our index yet.