CVE-2025-46633: n/a in n/a
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key is sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43.
AI Analysis
Technical Summary
CVE-2025-46633 is a high-severity vulnerability affecting the web management portal of the Tenda RX2 Pro router firmware version 16.03.30.14. The core issue is the cleartext transmission of sensitive cryptographic material, specifically the symmetric AES key, during the authentication process. When a client successfully authenticates to the web management interface, the AES key used to encrypt subsequent traffic is sent in cleartext within the response. Additionally, the initialization vector (IV) used for AES encryption is static and fixed as 'EU5H62G9ICGRNI43'. This combination of factors allows an attacker who can observe or capture network traffic between the client and the router to extract the AES key directly from the cleartext response. With the AES key and a known IV, the attacker can decrypt the encrypted session traffic, compromising confidentiality. The vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information), highlighting improper handling of cryptographic keys. The CVSS 3.1 score of 8.2 reflects the ease of remote exploitation (network vector, no privileges or user interaction required) and the high impact on confidentiality, although integrity and availability impacts are low. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects the Tenda RX2 Pro router, a consumer-grade device commonly used in home and small office environments, which exposes a critical flaw in the device's management interface security design.
Potential Impact
For European organizations, especially small businesses and home offices relying on Tenda RX2 Pro routers, this vulnerability poses a significant risk to the confidentiality of network management traffic. An attacker on the same network segment or capable of intercepting traffic (e.g., via compromised Wi-Fi, man-in-the-middle attacks, or network tapping) can obtain the AES key and decrypt sensitive configuration data, potentially exposing credentials, network topology, or other sensitive management information. This could facilitate further attacks such as unauthorized configuration changes, lateral movement, or data exfiltration. Given the static IV and cleartext key transmission, the vulnerability undermines the fundamental security of the device’s management interface. While large enterprises may not commonly use this device, small and medium enterprises (SMEs) and home offices in Europe could be disproportionately affected. The exposure of sensitive management data could lead to breaches of GDPR requirements concerning data protection and confidentiality, resulting in regulatory and reputational consequences. Furthermore, attackers could leverage this vulnerability to establish persistent footholds or pivot into broader organizational networks.
Mitigation Recommendations
Immediate mitigation steps include restricting access to the Tenda RX2 Pro web management portal to trusted network segments only, ideally via VLAN segmentation or firewall rules that block unauthorized IP addresses. Network administrators should disable remote management features if enabled, to prevent external attackers from exploiting this vulnerability. Use of VPNs or secure tunnels for management traffic can add an additional encryption layer independent of the vulnerable AES implementation. Monitoring network traffic for unusual access patterns or unexpected cleartext key transmissions can help detect exploitation attempts. Since no official patches are currently available, organizations should consider replacing affected devices with models that implement proper cryptographic key handling and secure management interfaces. Vendors and users should prioritize firmware updates once released. Additionally, educating users about the risks of using default or outdated router firmware and encouraging regular updates can reduce exposure. For environments where replacement is not immediately feasible, implementing network-level encryption (e.g., IPsec) can help protect management traffic confidentiality.
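The monitoring recommendation above can be turned into a concrete check on captured management traffic. The following is an added example, not code from the advisory or from Tenda: it inspects HTTP responses and flags the two artefacts the CVE describes, the fixed IV string and a key-sized cleartext value in a successful login reply. The JSON field names, the `/login` path and the sample captures are constructed assumptions, not the portal's real schema.

```python
import json
import re
from typing import Dict, List

# The fixed IV named in the CVE description for the Tenda RX2 Pro portal.
STATIC_IV = "EU5H62G9ICGRNI43"
AES_KEY_LENGTHS = {16, 24, 32}  # AES key sizes in bytes; a raw key sent as text has this length
KEY_CHARS = re.compile(r"^[A-Za-z0-9+/=]+$")
# Assumed login endpoint name; adjust to whatever URL the capture actually shows.
LOGIN_PATH_RE = re.compile(r"/login", re.I)

def _string_values(node) -> List[str]:
    """Flatten every string value found in a parsed JSON document."""
    if isinstance(node, str):
        return [node]
    if isinstance(node, dict):
        return [s for v in node.values() for s in _string_values(v)]
    if isinstance(node, list):
        return [s for v in node for s in _string_values(v)]
    return []

def inspect_response(request: str, status: int, body: str) -> List[str]:
    """Return findings for one captured HTTP response (empty list when clean)."""
    findings = []
    if STATIC_IV in body:
        findings.append("static IV " + STATIC_IV + " transmitted in cleartext")
    try:
        values = _string_values(json.loads(body))
    except ValueError:  # non-JSON body: fall back to scanning raw tokens
        values = re.findall(r"[A-Za-z0-9+/=]{16,32}", body)
    # Only a successful reply to the login request is expected to carry a session key.
    if 200 <= status < 300 and LOGIN_PATH_RE.search(request):
        for v in values:
            if v != STATIC_IV and len(v) in AES_KEY_LENGTHS and KEY_CHARS.match(v):
                findings.append(f"AES-{len(v) * 8} key-sized value sent in cleartext after login")
    return findings

def scan(captures: List[Dict]) -> Dict[int, List[str]]:
    """Map capture index to its findings; clean captures are omitted."""
    return {i: f for i, c in enumerate(captures)
            if (f := inspect_response(c["request"], c["status"], c["body"]))}

# Constructed sample captures; the JSON field names are assumptions, not the portal's real schema.
SAMPLE_RESPONSES = [
    {"request": "POST /login", "status": 200,
     "body": '{"errCode":0,"aesKey":"K7pQ2mX9vL4sB8nZ","iv":"EU5H62G9ICGRNI43"}'},
    {"request": "GET /status", "status": 200, "body": '{"uptime":12345,"wan":"up"}'},
    {"request": "POST /login", "status": 401, "body": '{"errCode":1}'},
]
```

Feed it the decoded HTTP responses from a proxy or IDS capture on the management VLAN; a hit on the first sample is the signature of the flaw, and any hit after a firmware update means the fix did not land.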
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-26T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9838c4522896dcbec092
Added to database: 5/21/2025, 9:09:12 AM
Last enriched: 7/3/2025, 7:27:54 AM
Last updated: 8/18/2025, 8:14:56 PM
Views: 12
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)