{"id":36615,"date":"2025-05-09T09:53:22","date_gmt":"2025-05-09T09:53:22","guid":{"rendered":""},"modified":"2025-09-15T00:13:00","modified_gmt":"2025-09-15T06:13:00","slug":"cve-2025-46627-weak-credentials-vulnerability-in-tenda-rx2-pro","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46627-weak-credentials-vulnerability-in-tenda-rx2-pro\/","title":{"rendered":"CVE-2025-46627: Weak Credentials Vulnerability in Tenda RX2 Pro<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Common Vulnerabilities and Exposures (CVE) system has identified a flaw, known as CVE-2025-46627, that presents a significant risk to users of the Tenda RX2 Pro with version 16.03.30.14. This flaw arises from the use of weak credentials, which can potentially allow an unauthenticated attacker to gain access to the telnet service. The significance of this vulnerability lies in its potential to compromise the system<\/a> or lead to data leakage, thereby posing a substantial threat to the privacy and security of users.
\nThis vulnerability is specifically problematic because the root password<\/a>, which an attacker may calculate, is based on easily obtainable device information – the last two digits or octets of the MAC address. As such, anyone with access to this information could potentially exploit this vulnerability<\/a>, compromising user data and system integrity.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-46627
\nSeverity: High (8.2 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n