CVE-2025-46629

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46629-lack-of-authentication-in-ate", "name": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46629-lack-of-authentication-in-ate", "tags": ["Third Party Advisory", "Exploit"], "refsource": ""}, {"url": "https://www.tendacn.com/us/default.html", "name": "https://www.tendacn.com/us/default.html", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet"}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-46629", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2025-05-01T20:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-27T14:24Z"}