CVE-2025-46627 – Tenda RX2 Pro Weak Credential Vulnerability

May 1, 2025

CVE ID : CVE-2025-46627

Published : May 1, 2025, 8:15 p.m. | 3 hours, 12 minutes ago

Description : Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46628 – Tenda RX2 Pro Remote Root Shell Access Vulnerability

Next Article CVE-2025-46626 – Tenda RX2 Pro AES Key Reuse Vulnerability

Highlights

CVE-2025-3486 – Allegra ZipEntry Valide Directory Traversal Remote Code Execution Vulnerability

May 22, 2025

CVE ID : CVE-2025-3486

Published : May 22, 2025, 1:15 a.m. | 1 hour, 35 minutes ago

Description : Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.

The specific flaw exists within the implementation of the isZipEntryValide method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-25730.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-46627 – Tenda RX2 Pro Weak Credential Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

I used ChatGPT to translate image text when Google’s tool failed me – and things got weird

The Ecommerce Trust Checklist: What Every Website Needs to Win Buyers

Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Perficient Research Highlights the Path Forward for Connected Products

CVE-2025-3486 – Allegra ZipEntry Valide Directory Traversal Remote Code Execution Vulnerability

CVE-2025-42981 – SAP NetWeaver Application Server ABAP Open Redirect Vulnerability

Ghibli Generator

CVE-2025-52791 – Devfelixmoira Knowledge Base Maker CSRF Stored XSS

CVE-2025-46627 – Tenda RX2 Pro Weak Credential Vulnerability

Related Posts