CVE-2025-46629 Information

Description

Lack of access controls in the ‘ate’ management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where ‘ate’ has been enabled by sending a crafted UDP packet

Reference

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46629-lack-of-authentication-in-ate https://www.tendacn.com/us/default.html