CVE-2025-46632

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.

CVSS

No CVSS.

References

Link	Resource
https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46632-static-iv-use-in-httpd	Third Party Advisory Exploit
https://www.tendacn.com/us/default.html	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*

cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*

History

27 May 2025, 14:17

Type	Values Removed	Values Added
References	~~() https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46632-static-iv-use-in-httpd -~~	() https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46632-static-iv-use-in-httpd - Third Party Advisory, Exploit
References	~~() https://www.tendacn.com/us/default.html -~~	() https://www.tendacn.com/us/default.html - Product
First Time		Tenda rx2 Pro Firmware Tenda Tenda rx2 Pro
CPE		cpe:2.3:h:tenda:rx2_pro:-:::::::* cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:::::::*

01 May 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 20:15

Updated : 2025-05-27 14:17

NVD link : CVE-2025-46632

Mitre link : CVE-2025-46632

JSON object : View

Products Affected

tenda

rx2_pro_firmware
rx2_pro

CWE

No CWE.

JSON object

Attach tags to CVE-2025-46632

Attach tags to `CVE-2025-46632`