Tenda RX2 Pro
cpe:2.3:h:tenda:rx2_pro:*:*:*:*:*:*:*
- 16.03.30.14
A vulnerability exists in the Tenda RX2 Pro Wi-Fi 6 router, specifically in version 16.03.30.14, due to the cleartext transmission of sensitive information through the web management portal. This flaw may allow an unauthenticated attacker to intercept and collect credentials from unencrypted traffic, enabling access to the management portal. Although the router implements encryption, it only activates after the user has transmitted a hashed password in cleartext. The intercepted hash can be replayed to authenticate.
Exploitation of this vulnerability could lead to unauthorized access to the router's web management portal, allowing an attacker to authenticate using intercepted credentials.
The vulnerability can be reproduced by observing the authentication process through a network traffic analysis tool like Wireshark. The transmitted data will include the user's password hash in cleartext, which can be captured and reused to gain access to the web management portal.
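Why a hash sent in cleartext is as good as the password, shown as an added example that is not taken from the advisory or from Tenda firmware: a static-hash check accepts a captured value, while a single-use nonce challenge rejects the replay. SHA-256, the sample password and all function names are assumptions, since the advisory does not name the hash algorithm the router uses.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential. SHA-256 is an assumption: the advisory
# does not say which hash the router's login page computes.
PASSWORD = "correct horse battery"
STORED_HASH = hashlib.sha256(PASSWORD.encode()).hexdigest()

def static_hash_login(submitted_hash: str) -> bool:
    # Weak scheme: the server compares the submitted hash with its stored copy.
    # The value never changes, so whoever sees it on the wire can reuse it.
    return hmac.compare_digest(submitted_hash, STORED_HASH)

class NonceLogin:
    """Hardened scheme: HMAC keyed with the hash over a fresh, single-use nonce."""
    def __init__(self) -> None:
        self._pending: set[str] = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: str, response: str) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already consumed nonce
        self._pending.discard(nonce)
        expected = hmac.new(STORED_HASH.encode(), nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(response, expected)

def client_response(password: str, nonce: str) -> str:
    key = hashlib.sha256(password.encode()).hexdigest().encode()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def demo() -> dict:
    captured = STORED_HASH  # constructed: the value a passive observer records
    server = NonceLogin()
    n1 = server.challenge()
    r1 = client_response(PASSWORD, n1)
    return {
        "static_replay": static_hash_login(captured),
        "nonce_login": server.verify(n1, r1),
        "replay_used_nonce": server.verify(n1, r1),
        "replay_fresh_nonce": server.verify(server.challenge(), r1),
    }
```

The nonce only removes the replay; an observer can still attack the response offline or ride the unencrypted session, so the management portal needs TLS from the first request, before any credential material is exchanged.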