Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-46632

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.

Published

2025-05-01T20:15:39.167

Last Modified

2025-05-27T14:17:19.890

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-323

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tenda	rx2_pro_firmware	16.03.30.14	Yes
Hardware	tenda	rx2_pro	-	No

References

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46632-static-iv-use-in-httpd Third Party Advisory, Exploit ([email protected])
https://www.tendacn.com/us/default.html Product ([email protected])