Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.
Metrics
Affected Vendors & Products
References
History
Tue, 27 May 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tenda
Tenda rx2 Pro Tenda rx2 Pro Firmware |
|
CPEs | cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:* |
|
Vendors & Products |
Tenda
Tenda rx2 Pro Tenda rx2 Pro Firmware |
Fri, 02 May 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 02 May 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-326 | |
Metrics |
cvssV3_1
|
Thu, 01 May 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-02T15:17:44.844Z
Reserved: 2025-04-26T00:00:00.000Z
Link: CVE-2025-46626

Updated: 2025-05-02T15:17:37.733Z

Status : Analyzed
Published: 2025-05-01T20:15:38.190
Modified: 2025-05-27T14:22:51.570
Link: CVE-2025-46626

No data.