Description
A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
EPSS Score:
0%
Comprehensive Technical Analysis of EUVD-2025-23997
1. Vulnerability Assessment and Severity Evaluation
The vulnerability identified in TRENDnet devices (TI-G160i, TI-PG102i, and TPL-430AP) up to version 20250724 is classified as critical, and the CVSS (Common Vulnerability Scoring System) base score of 9.3 is consistent with that rating. The SSH Service uses default credentials, so it can be exploited remotely without any user interaction. The attack complexity is low, and the vulnerability has been publicly disclosed, increasing the risk of exploitation.
2. Potential Attack Vectors and Exploitation Methods
Attack Vectors:
- Remote Exploitation: The vulnerability can be exploited remotely over the network.
- Default Credentials: Attackers can use default SSH credentials to gain unauthorized access.
Exploitation Methods:
- Credential Stuffing: Attackers can use known default credentials to log in to the SSH service.
- Automated Scanning: Attackers can use automated tools to scan for devices with default credentials.
- Lateral Movement: Once access is gained, attackers can move laterally within the network to compromise other systems.
3. Affected Systems and Software Versions
The vulnerability affects the following TRENDnet devices and software versions:
- TI-G160i: Up to version 20250724
- TI-PG102i: Up to version 20250724
- TPL-430AP: Up to version 20250724
4. Recommended Mitigation Strategies
Immediate Actions:
- Change Default Credentials: Immediately change the default SSH credentials to strong, unique passwords.
- Network Segmentation: Isolate affected devices from the main network to limit potential lateral movement.
- Firewall Rules: Implement strict firewall rules to restrict SSH access to trusted IP addresses only.
Long-Term Actions:
- Firmware Update: Monitor for and apply any firmware updates released by TRENDnet to address this vulnerability.
- Regular Audits: Conduct regular security audits to identify and mitigate similar vulnerabilities.
- Multi-Factor Authentication (MFA): Implement MFA for SSH access to add an additional layer of security.
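One way to turn the mitigation list above into a repeatable check (an added example, not part of the original advisory): the script flags inventory entries for the three affected models at build 20250724 or earlier and lists which immediate actions are still outstanding. The inventory columns, host names and the trusted management range 10.20.0.0/24 are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# From the advisory: affected models and the last build listed as affected.
AFFECTED_MODELS = {"TI-G160i", "TI-PG102i", "TPL-430AP"}
LAST_AFFECTED_BUILD = 20250724
# Assumption: the only network allowed to reach device SSH.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample inventory; hosts, columns and values are illustrative.
SAMPLE_INVENTORY = """\
host,model,firmware_build,ssh_allowed_from,default_creds_changed
sw-plant-01,TI-G160i,20250110,0.0.0.0/0,no
sw-plant-02,TI-PG102i,20250724,10.20.0.0/24,yes
ap-office-01,TPL-430AP,20240903,10.20.0.0/24;192.168.50.0/24,yes
sw-lab-01,TI-G160i,20251101,0.0.0.0/0,no
sw-other-01,EXAMPLE-MODEL,20250101,0.0.0.0/0,no
"""


def ssh_scope_is_trusted(sources):
    """True only if every allowed source range sits inside a trusted network."""
    nets = [ipaddress.ip_network(s.strip()) for s in sources.split(";") if s.strip()]
    return bool(nets) and all(
        any(n.version == t.version and n.subnet_of(t) for t in TRUSTED_MGMT_NETS)
        for n in nets
    )


def audit(inventory_csv):
    """Map each in-scope host to the advisory mitigations still outstanding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"] not in AFFECTED_MODELS:
            continue
        # Later builds are outside the advisory's stated range, so not flagged here.
        if int(row["firmware_build"]) > LAST_AFFECTED_BUILD:
            continue
        actions = []
        if row["default_creds_changed"].strip().lower() != "yes":
            actions.append("change default SSH credentials")
        if not ssh_scope_is_trusted(row["ssh_allowed_from"]):
            actions.append("restrict SSH to trusted management networks")
        actions.append("monitor for TRENDnet firmware update")
        findings[row["host"]] = actions
    return findings


if __name__ == "__main__":
    for host, actions in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {'; '.join(actions)}")
```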
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to European organizations using the affected TRENDnet devices. The potential for remote exploitation and the use of default credentials make it a prime target for cybercriminals. The public disclosure of the exploit increases the likelihood of widespread attacks, which could lead to data breaches, unauthorized access, and potential disruption of services.
6. Technical Details for Security Professionals
CVSS Vector Breakdown:
- AV:N (Attack Vector: Network): The vulnerability can be exploited remotely over the network.
- AC:L (Attack Complexity: Low): The attack requires minimal skill and resources.
- AT:N (Attack Technique: Network): The attack technique involves network-based methods.
- PR:N (Privileges Required: None): No privileges are required to exploit the vulnerability.
- UI:N (User Interaction: None): No user interaction is required for the attack to succeed.
- VC:H (Vulnerability Confidentiality: High): The vulnerability has a high impact on confidentiality.
- VI:H (Vulnerability Integrity: High): The vulnerability has a high impact on integrity.
- VA:H (Vulnerability Availability: High): The vulnerability has a high impact on availability.
- SC:N (Scope Change: None): The scope of the attack does not change.
- SI:N (Scope Integrity: None): The scope integrity is not affected.
- SA:N (Scope Availability: None): The scope availability is not affected.
- E:P (Exploit Code Maturity: Proof-of-Concept): Proof-of-concept exploit code is available.
Aliases:
- CVE-2025-8731
Assigner:
- VulDB
ENISA ID Product:
- TI-PG102i: Version 20250724
- TPL-430AP: Version 20250724
- TI-G160i: Version 20250724
ENISA ID Vendor:
- TRENDnet
Conclusion
The critical vulnerability in TRENDnet devices poses a significant risk to organizations using these products. Immediate mitigation steps, including changing default credentials and implementing network segmentation, are essential to protect against potential attacks. Long-term strategies, such as regular security audits and firmware updates, will help maintain a robust security posture. The European cybersecurity landscape must remain vigilant against such vulnerabilities to prevent widespread exploitation and potential data breaches.