Security Advisory

CVE-2025-46625

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-01 00:00:00

Last updated 2025-05-02 13:06:24

Assigner mitre

State PUBLISHED

Description

Lack of input validation/sanitization in the setLanCfg API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device.

← Browse all CVEs View on cve.org ↗