Weak Credential Vulnerability in Tenda RX2 Pro Router by Tenda
CVE-2025-46627

8.2HIGH

Key Information:

Vendor: Tenda
Status: Tenda RX2 Pro Router
Vendor: CVE Published:; 1 May 2025

Summary

The Tenda RX2 Pro Router is vulnerable due to the use of easily guessed credentials based on the last two digits of the device's MAC address. This design flaw allows unauthorized individuals to gain access to the telnet service without proper authentication. Attackers can exploit this vulnerability by simply calculating the root password using publicly accessible device information, creating a significant risk for users' network security.

References

https://www.tendacn.com/us/default.html

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pr...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025