FKIE_CVE-2025-46625

Vulnerability from fkie_nvd - Published: 2025-05-01 20:15 - Updated: 2025-05-27 14:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device.
References
cve@mitre.orghttps://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46625-command-injection-through-setlancfg-in-httpdThird Party Advisory
cve@mitre.orghttps://www.tendacn.com/us/default.htmlProduct
Impacted products
Vendor Product Version
tenda rx2_pro_firmware 16.03.30.14
tenda rx2_pro -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C6559F-BD91-44DF-BA9E-2F55C714009C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95CB932-CDB6-4E44-A868-5DEEAD982F7C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lack of input validation/sanitization in the \u0027setLanCfg\u0027 API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device."
    },
    {
      "lang": "es",
      "value": "La falta de validaci\u00f3n/depuraci\u00f3n de entrada en el endpoint de la API \u0027setLanCfg\u0027 en httpd en Tenda RX2 Pro 16.03.30.14 permite que un atacante remoto autorizado al portal de administraci\u00f3n web obtenga acceso root al dispositivo mediante una solicitud web manipulada. Esto es persistente porque la inyecci\u00f3n de comandos se guarda en la configuraci\u00f3n del dispositivo."
    }
  ],
  "id": "CVE-2025-46625",
  "lastModified": "2025-05-27T14:22:39.907",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-01T20:15:38.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46625-command-injection-through-setlancfg-in-httpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.tendacn.com/us/default.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.