CVE-2025-46632

CVE Database · CVE-2025-46632

CVE-2025-46632

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

0.27%

Published

May 1, 2025

Modified

May 27, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-323

Affected Products (2)

tenda · rx2_pro_firmwarevulnerable

tenda · rx2_pro

References (2)

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46632-static-iv-use-in-httpd

ExploitThird Party Advisory

https://www.tendacn.com/us/default.html

Product

KEV Catalog EPSS Scores Vendors All CVEs