Security researchers have identified critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router, potentially allowing remote attackers to gain administrative access and full control of the device. Despite being notified, Tenda has not released any patches, leaving users exposed to various exploitation methods. Affected: Tenda RX2 Pro Router
Keypoints :
- Critical vulnerabilities discovered in the Tenda RX2 Proβs web management portal, firmware, and internal services.
- Eleven separate CVEs assigned, allowing unauthorized remote access and escalation of privileges.
- Exploitable even from the guest Wi-Fi network due to improper network segmentation.
- Weak encryption methods expose credentials, enabling interception and decryption of management traffic.
- Attackers can enable backdoor services like telnet with no authentication needed.
- Researchers have reported vulnerabilities to Tenda, but no updates or fixes have been issued yet.
- Users are advised to disconnect from untrusted networks and seek alternative devices until patches are provided.
- Emphasizes the need for better security practices in consumer networking equipment.
Read More: https://gbhackers.com/multiple-flaws-in-tenda-rx2-pro/