How CVE-2025-46626 Works
The Tenda RX2 Pro router firmware version 16.03.30.14 uses a static AES key and initialization vector (IV) for encrypting traffic to its ‘ate’ management service. This allows attackers to:
1. Decrypt intercepted traffic due to predictable cryptographic parameters.
2. Replay previously captured packets to execute unauthorized commands.
3. Forge malicious packets by reusing the known key/IV pair.
The vulnerability stems from the key and IV being hardcoded in the firmware, which enables man-in-the-middle (MITM) attacks without physical access.
DailyCVE Form
Platform: Tenda RX2 Pro
Version: 16.03.30.14
Vulnerability: Static AES reuse
Severity: Critical
Date: 05/27/2025
Prediction: Patch by 07/15/2025
What Undercode Say:
Exploitation
1. Traffic Capture:
tcpdump -i eth0 host <router_ip> -w tenda_traffic.pcap
2. Key Extraction:
Reverse the firmware to locate the hardcoded key:
binwalk -Me RX2_16.03.30.14.bin
grep -r "AES_KEY" ./_extracted
3. Decryption:
from Crypto.Cipher import AES
# static_key / static_iv: the key and IV hardcoded in the firmware image
cipher = AES.new(static_key, AES.MODE_CBC, static_iv)
decrypted = cipher.decrypt(encrypted_payload)
Protection
1. Mitigation:
iptables -A INPUT -p tcp --dport <ate_service_port> -j DROP
2. Firmware Check:
md5sum RX2_16.03.30.14.bin | grep <expected_hash>
3. Workaround:
Disable ‘ate’ service via CLI:
ate_service --disable
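What a protocol-level fix has to provide against the replay and forgery cases listed above, shown as an added example (not Tenda's code and not part of the original post): a receiver that authenticates every frame and accepts each counter value only once. The frame layout, the names seal and Receiver, and the command string are hypothetical; it uses HMAC-SHA256 from the Python standard library and a random per-device key, and covers authenticity and freshness only, so confidentiality would additionally need encryption with a fresh nonce per message.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, counter: int, command: bytes) -> bytes:
    """Build a frame: 8-byte big-endian counter || command || HMAC tag."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag

class Receiver:
    """Accepts each authenticated frame at most once."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < 8 + TAG_LEN:
            raise ValueError("frame too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("bad tag: forged or modified frame")
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            raise ValueError("stale counter: replayed frame")
        self.last_counter = counter
        return body[8:]

def demo() -> dict:
    # Constructed sample: random per-device key, hypothetical command.
    key = os.urandom(32)
    rx = Receiver(key)
    frame = seal(key, 1, b"status")
    results = {"first": rx.accept(frame)}
    forged = seal(os.urandom(32), 2, b"status")  # sender lacks the key
    for name, bad in (("replay", frame), ("forged", forged)):
        try:
            rx.accept(bad)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```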
Detection
1. Network Scan:
nmap -p- --script ssl-enum-ciphers <router_ip>
2. Log Analysis:
grep "ate_service" /var/log/tenda.log
Patch Expected
Vendor likely to release update by mid-July 2025. Monitor:
wget https://www.tenda.com/firmware/RX2_Pro/version_check
Sources:
Reported By: nvd.nist.gov