CVE-2025-46632

CWE-3233 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 48.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda RX2 PRO Firmware
Timeline
PublishedMay 1
Latest updateMay 2

Description

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

NVDtenda/rx2_pro_firmware16.03.30.14

🔴Vulnerability Details

2
GHSA
GHSA-wf34-hx5v-vq6q: Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 162025-05-02
CVEList
CVE-2025-46632: Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 162025-05-01
CVE-2025-46632 (MEDIUM CVSS 6.5) | Initialization vector (IV) reuse in | cvebase.io