CVE-2025-46634: n/a in n/a
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate.
AI Analysis
Technical Summary
CVE-2025-46634 is a high-severity vulnerability affecting the web management portal of the Tenda RX2 Pro router firmware version 16.03.30.14. The core issue is the cleartext transmission of sensitive authentication information before encryption is applied. Specifically, while the portal implements encryption for communications, it does so only after the user has transmitted a hash of their password in cleartext. This design flaw allows an unauthenticated attacker who can observe network traffic to capture the password hash. Because the hash itself is used for authentication, the attacker can replay this hash to gain unauthorized access to the web management portal without needing to know the actual password. This vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information) and has a CVSS v3.1 score of 8.2, reflecting its high impact and ease of exploitation. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects confidentiality significantly (C:H), with limited impact on integrity (I:L) and no impact on availability (A:N). No patches or known exploits in the wild have been reported as of the publication date. The vulnerability arises from improper handling of authentication credentials and insufficient protection of sensitive data in transit, making it a critical risk for devices exposed to untrusted networks or attackers capable of network traffic interception.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those deploying Tenda RX2 Pro routers in their network infrastructure. Successful exploitation could allow attackers to gain administrative access to the router's management interface, enabling them to alter network configurations, intercept or redirect traffic, or establish persistent footholds within the network. This could lead to data breaches, loss of confidentiality, and potential lateral movement within corporate networks. Given that the vulnerability requires no authentication or user interaction and can be exploited remotely over the network, organizations with routers accessible from untrusted networks or insufficiently segmented internal networks are particularly vulnerable. The impact is heightened in sectors with stringent data protection requirements under GDPR, as unauthorized access could lead to exposure of personal data and regulatory penalties. Additionally, compromised routers could be leveraged in broader cyberattacks, including supply chain compromises or as part of botnets targeting European infrastructure.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should: 1) Immediately isolate affected Tenda RX2 Pro devices from untrusted networks, especially the internet, until a secure firmware update is available. 2) Monitor network traffic for unusual authentication attempts or replay attacks targeting router management interfaces. 3) Employ network segmentation to restrict access to router management portals to trusted administrative networks only, using VLANs or firewall rules. 4) Use out-of-band management solutions or VPNs to access router management interfaces securely, preventing exposure of credentials over unencrypted channels. 5) Regularly audit router firmware versions and configurations to identify and remediate vulnerable devices. 6) Engage with Tenda or authorized vendors to obtain patches or firmware updates addressing this vulnerability as soon as they become available. 7) Implement network intrusion detection systems (NIDS) capable of detecting replay attacks or anomalous authentication patterns. 8) Educate network administrators about the risks of cleartext credential transmission and enforce strong password policies to reduce the impact of credential compromise.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
CVE-2025-46634: n/a in n/a
Description
Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate.
AI-Powered Analysis
Technical Analysis
CVE-2025-46634 is a high-severity vulnerability affecting the web management portal of the Tenda RX2 Pro router firmware version 16.03.30.14. The core issue is the cleartext transmission of sensitive authentication information before encryption is applied. Specifically, while the portal implements encryption for communications, it does so only after the user has transmitted a hash of their password in cleartext. This design flaw allows an unauthenticated attacker who can observe network traffic to capture the password hash. Because the hash itself is used for authentication, the attacker can replay this hash to gain unauthorized access to the web management portal without needing to know the actual password. This vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information) and has a CVSS v3.1 score of 8.2, reflecting its high impact and ease of exploitation. The attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and affects confidentiality significantly (C:H), with limited impact on integrity (I:L) and no impact on availability (A:N). No patches or known exploits in the wild have been reported as of the publication date. The vulnerability arises from improper handling of authentication credentials and insufficient protection of sensitive data in transit, making it a critical risk for devices exposed to untrusted networks or attackers capable of network traffic interception.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those deploying Tenda RX2 Pro routers in their network infrastructure. Successful exploitation could allow attackers to gain administrative access to the router's management interface, enabling them to alter network configurations, intercept or redirect traffic, or establish persistent footholds within the network. This could lead to data breaches, loss of confidentiality, and potential lateral movement within corporate networks. Given that the vulnerability requires no authentication or user interaction and can be exploited remotely over the network, organizations with routers accessible from untrusted networks or insufficiently segmented internal networks are particularly vulnerable. The impact is heightened in sectors with stringent data protection requirements under GDPR, as unauthorized access could lead to exposure of personal data and regulatory penalties. Additionally, compromised routers could be leveraged in broader cyberattacks, including supply chain compromises or as part of botnets targeting European infrastructure.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should: 1) Immediately isolate affected Tenda RX2 Pro devices from untrusted networks, especially the internet, until a secure firmware update is available. 2) Monitor network traffic for unusual authentication attempts or replay attacks targeting router management interfaces. 3) Employ network segmentation to restrict access to router management portals to trusted administrative networks only, using VLANs or firewall rules. 4) Use out-of-band management solutions or VPNs to access router management interfaces securely, preventing exposure of credentials over unencrypted channels. 5) Regularly audit router firmware versions and configurations to identify and remediate vulnerable devices. 6) Engage with Tenda or authorized vendors to obtain patches or firmware updates addressing this vulnerability as soon as they become available. 7) Implement network intrusion detection systems (NIDS) capable of detecting replay attacks or anomalous authentication patterns. 8) Educate network administrators about the risks of cleartext credential transmission and enforce strong password policies to reduce the impact of credential compromise.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2025-04-26T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9838c4522896dcbec096
Added to database: 5/21/2025, 9:09:12 AM
Last enriched: 7/3/2025, 7:28:09 AM
Last updated: 8/17/2025, 5:06:42 PM
Views: 10
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.