CVE-2025-8759

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TRENDnet TN-200 version 1.02b02

Description: A vulnerability exists in the TRENDnet TN-200 device. The issue resides in the Lighttpd component, where manipulation of the secdownload.secret argument with the input neV3rUseMe results in the use of a hard-coded cryptographic key. This issue can be exploited remotely, but the attack complexity is considered high and exploitation appears difficult. The exploit has been publicly disclosed. The vendor was informed of the disclosure but did not respond.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-320

Related Identifiers

BDU:2025-09644

CVE-2025-8759

Affected Products

Lighttpd

Trendnet Tn-200

CVE-2025-8759

Weakness Enumeration

Related Identifiers

Affected Products

References · 15