Skip to main content

CVE-2025-46635: n/a in n/a

High
VulnerabilityCVE-2025-46635cvecve-2025-46635
Published: Thu May 01 2025 (05/01/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host.

AI-Powered Analysis

AILast updated: 07/03/2025, 07:28:23 UTC

Technical Analysis

CVE-2025-46635 is a high-severity vulnerability affecting Tenda RX2 Pro routers running firmware version 16.03.30.14. The core issue is improper network isolation between the guest Wi-Fi network and other internal network interfaces on the router. Normally, guest Wi-Fi networks are segmented to restrict access to internal resources and other connected devices, providing a security boundary. However, due to this vulnerability, an attacker who is authenticated to the guest Wi-Fi can bypass this isolation by manually configuring a static IP address within the subnet of the non-guest network. This misconfiguration allows the attacker to access router resources and other devices on the internal network that should be segregated from guest users. The vulnerability is classified under CWE-284 (Improper Access Control), indicating that the router fails to enforce proper access restrictions between network segments. The CVSS v3.1 base score is 7.1 (high), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The impact is high on confidentiality, as unauthorized access to internal network resources is possible, with limited impact on integrity and no impact on availability. No known exploits are reported in the wild yet, and no patches have been linked or published at the time of disclosure. This vulnerability could be exploited by any authenticated guest Wi-Fi user capable of configuring their device's IP settings, which is a relatively low barrier for attackers with physical or temporary network access.

Potential Impact

For European organizations, this vulnerability poses a significant risk especially in environments where Tenda RX2 Pro routers are deployed and guest Wi-Fi networks are provided to visitors, contractors, or customers. Unauthorized access from the guest network to internal resources can lead to data leakage, unauthorized monitoring, or lateral movement within the network. Confidential information stored on internal devices or accessible services could be exposed. This risk is heightened in sectors with strict data protection requirements such as finance, healthcare, and critical infrastructure. Additionally, the ability to access router management interfaces could allow attackers to alter configurations, potentially leading to further compromise or persistent access. The vulnerability undermines network segmentation strategies that are critical for compliance with European data protection regulations like GDPR, which mandate appropriate technical measures to protect personal data. Organizations relying on Tenda RX2 Pro routers without proper compensating controls may face regulatory penalties and reputational damage if exploited.

Mitigation Recommendations

Immediate mitigation should focus on restricting guest Wi-Fi users from configuring static IP addresses within the internal network's subnet. Network administrators should implement DHCP snooping and IP source guard features if supported by the router or network infrastructure to prevent IP spoofing and unauthorized static IP assignment. Segmentation should be enforced at the router or switch level using VLANs with strict access control lists (ACLs) to isolate guest traffic effectively. Monitoring and logging of guest network activity should be enhanced to detect anomalous IP configurations or unauthorized access attempts. Where possible, upgrade or replace affected Tenda RX2 Pro devices with firmware versions that address this vulnerability once available. If no patch is available, consider disabling guest Wi-Fi or restricting guest access to internet-only connectivity via firewall rules. Educate users and network administrators about the risks of static IP configuration on guest networks. Finally, conduct regular network audits to verify that guest network isolation is functioning as intended.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-04-26T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9838c4522896dcbec0dc

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 7/3/2025, 7:28:23 AM

Last updated: 8/16/2025, 2:55:25 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats