Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43.
Metrics
Affected Vendors & Products
References
History
Tue, 27 May 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tenda
Tenda rx2 Pro Tenda rx2 Pro Firmware |
|
CPEs | cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:* cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:* |
|
Vendors & Products |
Tenda
Tenda rx2 Pro Tenda rx2 Pro Firmware |
Fri, 02 May 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-312 | |
Metrics |
cvssV3_1
|
Thu, 01 May 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-05-01T00:00:00.000Z
Updated: 2025-05-02T14:59:18.138Z
Reserved: 2025-04-26T00:00:00.000Z
Link: CVE-2025-46633

Updated: 2025-05-02T14:59:12.220Z

Status : Analyzed
Published: 2025-05-01T20:15:39.310
Modified: 2025-05-27T14:17:34.780
Link: CVE-2025-46633

No data.