High severity7.3NVD Advisory· Published May 1, 2025· Updated Jun 17, 2026
CVE-2025-46628
CVE-2025-46628
Description
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- blog.uturn.devnvdExploitThird Party Advisory
- www.tendacn.com/us/default.htmlnvdProduct
News mentions
0No linked articles in our index yet.