CVE-2025-8731

HIGH EPSS 43.6%
Published Aug 8, 202510mo ago · Modified Jun 17, 20261w ago
8.9 CVSS 4.0
High
Find Similar
Published Aug 8, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid."

CVSS Details

Base Score
8.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
43.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-1392

References 4

  • github.com https://github.com/Nicholas-wei/bug-discovery/blob/main/trendnet/TPL-430AP_FW1.0.1/trendnet_several_vulns.pdf
  • vuldb.com https://vuldb.com/?ctiid.319227
  • vuldb.com https://vuldb.com/?id.319227
  • vuldb.com https://vuldb.com/?submit.621749

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.