CVE-2025-8757
BaseFortify

Publication date: 2025-08-09

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-08-09
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-08-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products

| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tv-ip110wn | 1.2.2 |
| trendnet | embedded_boa_web_server | * |
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-272 | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8757 is a critical vulnerability in the TRENDnet TV-IP110WN version 1.2.2, specifically in the Embedded Boa Web Server's configuration file /server/boa.conf. The web server is configured to run with root privileges, violating the principle of least privilege. This misconfiguration allows an attacker with local access to escalate their privileges to root, potentially fully compromising the device. [1, 2]


How can this vulnerability impact me?

This vulnerability can lead to a full compromise of the affected device because an attacker who gains local access can escalate their privileges to root. This impacts the confidentiality, integrity, and availability of the device, allowing unauthorized control and potentially malicious actions on the device. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the configuration of the Embedded Boa Web Server on the TRENDnet TV-IP110WN device, specifically the /server/boa.conf file to see if it is running with root privileges (User ID 0, Group ID 0). Since exploitation requires local access, detection involves accessing the device locally and inspecting the configuration file permissions and user settings. Commands to check this could include: `cat /server/boa.conf` to view the configuration and `ps aux | grep boa` to check the running user of the Boa web server process. However, no specific detection commands or network-based detection methods are provided. [1, 2]
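
The configuration check described above, written as a small script. This is an added example, not part of the advisory or any vendor tooling. It assumes Boa's `User <name|uid>` and `Group <name|gid>` directive syntax with `#` comments; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Boa configuration for the account the server runs as.
# Assumption: directives look like "User <name|uid>" / "Group <name|gid>",
# and '#' starts a comment.

# Print the last effective value of a directive (name matched
# case-insensitively), or nothing if the directive is absent.
boa_directive() {   # $1 = directive name, $2 = config file
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                        # strip comments
        NF >= 2 && tolower($1) == want { v = $2 } # last occurrence wins
        END { if (v != "") print v }
    ' "$2"
}

# Classify a config file:
#   root    - User or Group is 0 / root (the setting this CVE describes)
#   unset   - a directive is missing, so the effective account needs review
#   nonroot - both directives name an unprivileged account
boa_priv_check() {  # $1 = config file
    user=$(boa_directive User "$1")
    group=$(boa_directive Group "$1")
    case "$user"  in 0|root) echo root; return ;; esac
    case "$group" in 0|root) echo root; return ;; esac
    if [ -z "$user" ] || [ -z "$group" ]; then
        echo unset
        return
    fi
    echo nonroot
}

# Constructed sample mirroring the setting described above (User 0 / Group 0).
sample=$(mktemp)
printf 'Port 80\nUser 0   # constructed sample\nGroup 0\n' > "$sample"
echo "sample config: $(boa_priv_check "$sample")"
rm -f "$sample"
```

On a device, point `boa_priv_check` at `/server/boa.conf` and compare the result with the account shown by `ps aux | grep boa`.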


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting local access to the affected TRENDnet TV-IP110WN device to trusted users only, as exploitation requires local access. Since the vendor has not provided any patches or fixes and no known countermeasures exist, it is recommended to consider replacing the affected product with a secure alternative. Additionally, monitoring for unauthorized local access attempts and isolating the device from critical networks can help reduce risk. [2]

