CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-46626

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.4%

CVSS Severity

CVSS v3 Score 7.3

References

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pro/README?id=cve-2025-46625-command-injection-through-setlancfg-in-httpd
https://www.tendacn.com/us/default.html

Products affected by CVE-2025-46626

Tenda » Rx2 Pro » Version: N/A

cpe:2.3:h:tenda:rx2_pro:-
Tenda » Rx2 Pro Firmware » Version: 16.03.30.14

cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-46626

Products

Pricing

Contact Us