PT-2025-18706 · Tenda · Tenda Rx2 Pro
Published
2025-05-01
·
Updated
2025-05-03
·
CVE-2025-46632
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Tenda RX2 Pro version 16.03.30.14
Description
The issue concerns the reuse of the initialization vector (IV) in the web management portal, which may allow an attacker to discern information or more easily decrypt encrypted messages between the client and server.
Recommendations
For Tenda RX2 Pro version 16.03.30.14, consider disabling the web management portal until a patch is available to prevent potential exploitation. Restrict access to the portal to minimize the risk of information disclosure or decryption of encrypted messages.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tenda Rx2 Pro