CVE 6.3 MEDIUM

TRENDnet TN-200 Lighttpd hard-coded key_CVE-2025-8759

August 9, 2025 invoker category_cve

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

A vulnerability in TRENDnet TN-200's Lighttpd component uses a hard-coded cryptographic key, allowing remote attacks. Exploitation is difficult but possible.

Basic Information

ID CVE-2025-8759

Source VulDB

Published Aug 9, 2025 at 17:02

Affected Product

Vendor TRENDnet

Product TN-200

Version 1.02b02

Affected Versions TRENDnet TN-200 1.02b02

CWE Classification

CWE-321 CWE-320

AI Assessment

AI Severity Medium

Vendor TRENDnet

Product TRENDnet TN-200

Version 1.02b02

References

{
    "lastseen": "",
    "description": "A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key\r . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-09T17:02:05.648Z",
    "modified": "2025-08-09T17:02:05.648Z",
    "type": "cve",
    "title": "TRENDnet TN-200 Lighttpd hard-coded key",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.319264\nhttps://vuldb.com/?ctiid.319264\nhttps://vuldb.com/?submit.624555\nhttps://www.notion.so/23f54a1113e7801e944ec65a2f7c5448",
    "id": "CVE-2025-8759",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321",
        "CWE-320"
    ],
    "cvelist": null,
    "sourceData": "TRENDnet TN-200 1.02b02",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TN-200",
    "version": "1.02b02",
    "vendor": "TRENDnet",
    "ai_description": "A vulnerability in TRENDnet TN-200's Lighttpd component uses a hard-coded cryptographic key, allowing remote attacks. Exploitation is difficult but possible.",
    "ai_severity": "Medium",
    "ai_vendor": "TRENDnet",
    "ai_product": "TRENDnet TN-200",
    "ai_version": "1.02b02",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply