CVE-2025-46626

Name of the Vulnerable Software and Affected Versions Tenda RX2 Pro version 16.03.30.14

Description The issue concerns the reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service. This allows an attacker to decrypt, replay, and/or forge traffic to the service.

Recommendations For Tenda RX2 Pro version 16.03.30.14, consider disabling the ate management service until a patch is available to prevent exploitation. Restrict access to the service to minimize the risk of decryption, replay, and/or forgery of traffic. At the moment, there is no information about a newer version that contains a fix for this vulnerability.