ID

VAR-202505-1102


CVE

CVE-2025-46633


TITLE

Vulnerability related to plaintext storage of important information in RX2 Pro firmware from Shenzhen Tenda Technology Co.,Ltd.

Trust: 0.8

sources: JVNDB: JVNDB-2025-005737

DESCRIPTION

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key is sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43. The RX2 Pro firmware from Shenzhen Tenda Technology Co.,Ltd. contains a vulnerability related to plaintext storage of sensitive information. Information may be obtained and information may be tampered with. Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. Attackers can exploit this vulnerability to decrypt traffic between the client and the server.

Trust: 2.16

sources: NVD: CVE-2025-46633 // JVNDB: JVNDB-2025-005737 // CNVD: CNVD-2025-15793

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15793

AFFECTED PRODUCTS

vendor: tenda, model: rx2 pro, scope: eq, version: 16.03.30.14

Trust: 1.6

vendor: tenda, model: rx2 pro, scope: eq, version: rx2 pro firmware 16.03.30.14

Trust: 0.8

vendor: tenda, model: rx2 pro, scope: eq, version: -

Trust: 0.8

vendor: tenda, model: rx2 pro, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-15793 // JVNDB: JVNDB-2025-005737 // NVD: CVE-2025-46633

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-46633
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-005737
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-15793
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15793
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-46633
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-005737
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-15793 // JVNDB: JVNDB-2025-005737 // NVD: CVE-2025-46633

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-005737 // NVD: CVE-2025-46633

PATCH

title: Patch for Tenda RX2 Pro Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/709361

Trust: 0.6

sources: CNVD: CNVD-2025-15793

EXTERNAL IDS

db: NVD, id: CVE-2025-46633

Trust: 3.2

db: JVNDB, id: JVNDB-2025-005737

Trust: 0.8

db: CNVD, id: CNVD-2025-15793

Trust: 0.6

sources: CNVD: CNVD-2025-15793 // JVNDB: JVNDB-2025-005737 // NVD: CVE-2025-46633

REFERENCES

url: https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/readme?id=cve-2025-46633-transmission-of-plaintext-symmetric-key-in-httpd

Trust: 1.8

url: https://www.tendacn.com/us/default.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2025-46633

Trust: 0.8

url: https://blog.uturn.dev/#/writeups/iot

Trust: 0.6

sources: CNVD: CNVD-2025-15793 // JVNDB: JVNDB-2025-005737 // NVD: CVE-2025-46633

SOURCES

db: CNVD, id: CNVD-2025-15793
db: JVNDB, id: JVNDB-2025-005737
db: NVD, id: CVE-2025-46633

LAST UPDATE DATE

2025-07-17T23:41:06.604000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15793, date: 2025-07-15T00:00:00
db: JVNDB, id: JVNDB-2025-005737, date: 2025-05-28T04:48:00
db: NVD, id: CVE-2025-46633, date: 2025-05-27T14:17:34.780

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15793, date: 2025-07-15T00:00:00
db: JVNDB, id: JVNDB-2025-005737, date: 2025-05-28T00:00:00
db: NVD, id: CVE-2025-46633, date: 2025-05-01T20:15:39.310