CVE-2025-8731
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-08

Last updated on: 2025-08-13

Assigner: VulDB

Description
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-08
Last Modified
2025-08-13
Generated
2026-05-07
AI Q&A
2025-08-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8731
EUVD
EUVD-2025-23997
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
trendnet ti-pg102i v1_1.0.13
trendnet ti-g160i v1_1.0.5.s0
trendnet tpl-430ap 1.0.1
trendnet ti-pg102i v1_1.0.11
trendnet ti-pg102i v1_1.0.15
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects TRENDnet devices TI-G160i, TI-PG102i, and TPL-430AP up to the version dated 20250724. It involves the SSH Service component where an attacker can manipulate the system to use default credentials. The attack can be initiated remotely, making it critical and exploitable without user interaction.


How can this vulnerability impact me? :

The vulnerability allows remote attackers to gain unauthorized access to affected devices by exploiting the use of default credentials in the SSH Service. This can lead to full compromise of confidentiality, integrity, and availability of the device and potentially the network it is connected to.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart