CVE-2025-46632
First published: Thu May 01 2025(Updated: )
Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda RX2 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-46632?
CVE-2025-46632 is classified as a high-severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2025-46632?
To resolve CVE-2025-46632, update the Tenda RX2 Pro firmware to the latest version provided by the vendor.
What type of attack can exploit CVE-2025-46632?
CVE-2025-46632 can be exploited by attackers using IV reuse to decrypt messages between the client and server.
Which device is affected by CVE-2025-46632?
CVE-2025-46632 affects the Tenda RX2 Pro web management portal.
What does IV reuse mean in the context of CVE-2025-46632?
IV reuse in CVE-2025-46632 refers to the repeated use of the same initialization vector, compromising the encryption's integrity.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- collector/epss-latest
- source/FIRST
- agent/source
- agent/epss
- agent/tags
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- vendor/tenda
- canonical/tenda rx2 pro