8.2

CVE-2025-46627

Exploit

EPSS 0.38%
Veröffentlicht 01.05.2025 00:00:00
Zuletzt bearbeitet 27.05.2025 14:23:32
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tenda ≫ Rx2 Pro Firmware Version16.03.30.14

Tenda ≫ Rx2 Pro Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.587

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://www.tendacn.com/us/default.html

Product

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46627-calculated-os-root-password

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-46627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-46627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-46627

EUVD