Sensitive Information Exposure in Tenda RX2 Pro Web Management Portal
CVE-2025-46634

8.2HIGH

Key Information:

Vendor: Tenda
Status: RX2 Pro
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-46634?

The Tenda RX2 Pro web management portal is susceptible to a security vulnerability where sensitive information is transmitted in cleartext. This flaw allows unauthenticated attackers to intercept credentials as they are sent over the network. Although the product implements encryption for user authentication, it fails to secure the password hash until after it has been transmitted in cleartext, enabling attackers to replay the hash for unauthorized access to the portal. This significant oversight in data handling exposes users to potential credential theft and unauthorized system access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.tendacn.com/us/default.html

https://blog.uturn.dev/#/writeups/iot-village/tenda-rx2pr...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025

JSON

Tenda

What is CVE-2025-46634?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.