Tenda Rx2 Pro Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tenda Rx2 Pro Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Tenda Rx2 Pro Firmware. Last year, in 2025 Rx2 Pro Firmware had 11 security vulnerabilities published. Right now, Rx2 Pro Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 11 | 0.00 |
It may take a day or so for new Rx2 Pro Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tenda Rx2 Pro Firmware Security Vulnerabilities
Tenda RX2 Pro 16.03.30.14 Guest Wi-Fi Isolation Bypass via Static IP
CVE-2025-46635
- May 01, 2025
An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host.
Tenda RX2 Pro 16.03.30.14 – Cleartext Hash Rerun Auth in Web Portal
CVE-2025-46634
- May 01, 2025
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate.
CVE-2025-46633 Tenda RX2 Pro 16.03.30.14 Cleartext AES Key Exposed
CVE-2025-46633
- May 01, 2025
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43.
Tenda RX2 Pro IV Reuse in Web Portal (v16.03.30.14)
CVE-2025-46632
- May 01, 2025
Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.
Tenda RX2 Pro 16.03.30.14 Unauth Telnet via Web Mgmt
CVE-2025-46631
- May 01, 2025
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request.
Tenda RX2 Pro 16.03.30.14 Unauth Remote Enable of 'ate' via Web Portal
CVE-2025-46630
- May 01, 2025
Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request.
Unauth Remote Config via UDP on Tenda RX2 Pro 16.03.30.14 ('ate' bin)
CVE-2025-46629
- May 01, 2025
Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet
Root Shell via UDP in Tenda RX2 Pro ate Service v16.03.30.14
CVE-2025-46628
- May 01, 2025
Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed.
Tenda RX2 Pro 16.03.30.14 Telnet Weak Credentials Unauth Access
CVE-2025-46627
- May 01, 2025
Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.
Tenda RX2 Pro 16.03.30.14 AES Key/IV Reuse: Decrypt/Replay
CVE-2025-46626
- May 01, 2025
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.
Command injection in Tenda RX2 Pro 16.03.30.14 setLanCfg API (root access)
CVE-2025-46625
- May 01, 2025
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tenda Rx2 Pro Firmware or by Tenda? Click the Watch button to subscribe.
