CVE-2025-46626
HIGHDescription
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.
Is your site exposed to CVE-2025-46626?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| tenda | rx2_pro_firmware |
| tenda | rx2_pro |
References
Frequently Asked Questions
What is CVE-2025-46626? +
How severe is CVE-2025-46626? +
What products are affected by CVE-2025-46626? +
How do I check if I'm vulnerable to CVE-2025-46626? +
Related Vulnerabilities
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The …
Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may …
Inadequate Encryption Strength vulnerability allow an authenticated attacker to execute arbitrary OS Commands via encrypted package upload.This issue affects Envoy: …
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows …
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET …
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .