Tenda Rx2 Pro Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Tenda Rx2 Pro Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2025-46625 — CVSS 8.8 (high): Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker…
CVE-2025-46633 — CVSS 8.2 (high): Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt…
CVE-2025-46627 — CVSS 8.2 (high): Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by…
CVE-2025-46634 — CVSS 8.2 (high): Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated…
CVE-2025-46626 — CVSS 7.3 (high): Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14…
CVE-2025-46628 — CVSS 7.3 (high): Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote…
CVE-2025-46635 — CVSS 7.1 (high): An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network…
CVE-2025-46632 — CVSS 6.5 (medium): Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information…
CVE-2025-46631 — CVSS 6.5 (medium): Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable…
CVE-2025-46630 — CVSS 6.5 (medium): Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable…
CVE-2025-46629 — CVSS 6.5 (medium): Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to…