- Description
- Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-312
- Hype score
- Not currently trending
به تازگی برای روتر های وایرلس مدل Tenda RX2 Pro آسیب پذیری های مختلفی شامل CVE-2025-46634 و CVE-2025-46632 و CVE-2025-46633 منتشر شده است. هکرها با استفاده از این آسیب پذیری می توان
@AmirHossein_sec
10 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46634 Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to… https://t.co/6Iw4drid5e
@CVEnew
3 May 2025
599 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:rx2_pro_firmware:16.03.30.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6C6559F-BD91-44DF-BA9E-2F55C714009C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:rx2_pro:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E95CB932-CDB6-4E44-A868-5DEEAD982F7C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]