Tenda RX2 Pro Web Management Portal Initialization Vector Reuse Vulnerability

Vulnerability

A vulnerability exists in the web management portal of the Tenda RX2 Pro router, specifically in version 16.03.30.14, due to the reuse of the initialization vector (IV) in AES-128-CBC encryption. This IV reuse may allow an attacker to discern information or more easily decrypt messages encrypted between the client and server.

Impact

The vulnerability could lead to unauthorized decryption of encrypted messages, allowing interception and potentially manipulation of the communication between the client and the server.

Reproduction

The vulnerability can be reproduced by observing the HTTP traffic between the client and the Tenda RX2 Pro web management portal after authentication. The same IV is reused for every session, which can be exploited to decrypt intercepted messages.
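What the reused IV described above exposes, as an added example that is not code from the router or from the original advisory: with the same key and IV, AES-128-CBC messages that begin with the same plaintext produce the same leading ciphertext blocks, while a fresh random IV per message removes that pattern. The key, the constant IV and the JSON payloads are constructed for illustration and are not the device's real values or message format; the code uses Node.js `crypto`.

```javascript
// Added example: information leaked by a constant IV in AES-128-CBC.
const nodeCrypto = require("crypto");

const BLOCK = 16; // AES block size in bytes

// Encrypt one message with AES-128-CBC (Node applies PKCS#7 padding).
function encryptCbc(key, iv, plaintext) {
  const cipher = nodeCrypto.createCipheriv("aes-128-cbc", key, iv);
  return Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
}

// Number of leading 16-byte ciphertext blocks that two messages share.
function sharedLeadingBlocks(a, b) {
  const max = Math.floor(Math.min(a.length, b.length) / BLOCK);
  let n = 0;
  while (n < max) {
    const x = a.subarray(n * BLOCK, (n + 1) * BLOCK);
    const y = b.subarray(n * BLOCK, (n + 1) * BLOCK);
    if (!x.equals(y)) break;
    n++;
  }
  return n;
}

// Constructed values (not taken from the device): key, constant IV and
// two payloads whose first 40 bytes are identical.
const KEY = Buffer.from("000102030405060708090a0b0c0d0e0f", "hex");
const FIXED_IV = Buffer.alloc(BLOCK, 0x41);
const MSG_A = '{"module":"wifi","action":"get","band":"2.4G"}';
const MSG_B = '{"module":"wifi","action":"get","band":"5G"}';

// Same key, same IV: the two full blocks covered by the shared plaintext
// prefix come out as identical ciphertext blocks.
function leakWithFixedIv() {
  return sharedLeadingBlocks(encryptCbc(KEY, FIXED_IV, MSG_A),
                             encryptCbc(KEY, FIXED_IV, MSG_B));
}

// Corrected behaviour: a fresh random IV per message, sent with the ciphertext.
function leakWithFreshIv() {
  const a = encryptCbc(KEY, nodeCrypto.randomBytes(BLOCK), MSG_A);
  const b = encryptCbc(KEY, nodeCrypto.randomBytes(BLOCK), MSG_B);
  return sharedLeadingBlocks(a, b);
}

console.log("fixed IV, shared leading blocks:", leakWithFixedIv());
console.log("fresh IV, shared leading blocks:", leakWithFreshIv());
```

The same comparison applied to captured portal traffic is a quick regression check after a firmware update: repeated leading ciphertext blocks across messages indicate the IV is still constant.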

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.