Skip to main content

CVE-2025-46633: n/a in n/a

High
VulnerabilityCVE-2025-46633cvecve-2025-46633
Published: Thu May 01 2025 (05/01/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43.

AI-Powered Analysis

AILast updated: 07/03/2025, 07:27:54 UTC

Technical Analysis

CVE-2025-46633 is a high-severity vulnerability affecting the web management portal of the Tenda RX2 Pro router firmware version 16.03.30.14. The core issue is the cleartext transmission of sensitive cryptographic material, specifically the symmetric AES key, during the authentication process. When a client successfully authenticates to the web management interface, the AES key used to encrypt subsequent traffic is sent in cleartext within the response. Additionally, the initialization vector (IV) used for AES encryption is static and fixed as 'EU5H62G9ICGRNI43'. This combination of factors allows an attacker who can observe or capture network traffic between the client and the router to extract the AES key directly from the cleartext response. With the AES key and a known IV, the attacker can decrypt the encrypted session traffic, compromising confidentiality. The vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information), highlighting improper handling of cryptographic keys. The CVSS 3.1 score of 8.2 reflects the ease of remote exploitation (network vector, no privileges or user interaction required) and the high impact on confidentiality, although integrity and availability impacts are low. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects the Tenda RX2 Pro router, a consumer-grade device commonly used in home and small office environments, which exposes a critical flaw in the device's management interface security design.

Potential Impact

For European organizations, especially small businesses and home offices relying on Tenda RX2 Pro routers, this vulnerability poses a significant risk to the confidentiality of network management traffic. An attacker on the same network segment or capable of intercepting traffic (e.g., via compromised Wi-Fi, man-in-the-middle attacks, or network tapping) can obtain the AES key and decrypt sensitive configuration data, potentially exposing credentials, network topology, or other sensitive management information. This could facilitate further attacks such as unauthorized configuration changes, lateral movement, or data exfiltration. Given the static IV and cleartext key transmission, the vulnerability undermines the fundamental security of the device’s management interface. While large enterprises may not commonly use this device, small and medium enterprises (SMEs) and home offices in Europe could be disproportionately affected. The exposure of sensitive management data could lead to breaches of GDPR requirements concerning data protection and confidentiality, resulting in regulatory and reputational consequences. Furthermore, attackers could leverage this vulnerability to establish persistent footholds or pivot into broader organizational networks.

Mitigation Recommendations

Immediate mitigation steps include restricting access to the Tenda RX2 Pro web management portal to trusted network segments only, ideally via VLAN segmentation or firewall rules that block unauthorized IP addresses. Network administrators should disable remote management features if enabled, to prevent external attackers from exploiting this vulnerability. Use of VPNs or secure tunnels for management traffic can add an additional encryption layer independent of the vulnerable AES implementation. Monitoring network traffic for unusual access patterns or unexpected cleartext key transmissions can help detect exploitation attempts. Since no official patches are currently available, organizations should consider replacing affected devices with models that implement proper cryptographic key handling and secure management interfaces. Vendors and users should prioritize firmware updates once released. Additionally, educating users about the risks of using default or outdated router firmware and encouraging regular updates can reduce exposure. For environments where replacement is not immediately feasible, implementing network-level encryption (e.g., IPsec) can help protect management traffic confidentiality.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-04-26T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9838c4522896dcbec092

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 7/3/2025, 7:27:54 AM

Last updated: 8/13/2025, 6:39:56 PM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats