TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation

7.3 / 10

HIGH

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-8757

Source VulDB

Published Aug 9, 2025 at 15:02

Affected Product

Vendor TRENDnet

Product TV-IP110WN

Version 1.2.2

Affected Versions TRENDnet TV-IP110WN 1.2.2

CWE Classification

CWE-272 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-09T15:02:05.815Z",
    "modified": "2025-08-09T15:02:05.815Z",
    "type": "cve",
    "title": "TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319262\nhttps://vuldb.com/?ctiid.319262\nhttps://vuldb.com/?submit.624257\nhttps://www.notion.so/23e54a1113e780569260e231993bdf61",
    "id": "CVE-2025-8757",
    "bulletinFamily": "",
    "cwe": [
        "CWE-272",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "TRENDnet TV-IP110WN 1.2.2",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TV-IP110WN",
    "version": "1.2.2",
    "vendor": "TRENDnet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

TRENDnet TV-IP110WN Embedded Boa Web Server boa.conf least privilege violation_CVE-2025-8757