CVE-2025-8759
BaseFortify
Publication date: 2025-08-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tn-200_firmware | 1.02 |
| trendnet | tn-200 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the TRENDnet TN-200 NAS device (version 1.02b02) involves a hard-coded cryptographic key in the Lighttpd web server configuration. Specifically, the argument 'secdownload.secret' is set to a fixed secret value 'neV3rUseMe'. Because this secret is hard-coded and publicly known, attackers can remotely exploit it by forging valid secure download URLs, bypassing access controls and gaining unauthorized access to protected files on the device. [1, 2]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized remote access to confidential files stored on the TRENDnet TN-200 NAS device by allowing attackers to generate valid secure download links using the hard-coded secret. This compromises the confidentiality of the data on the device. Although exploitation is considered difficult and requires some effort, a public proof-of-concept exploit exists, increasing the risk of attack. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on identifying the presence of the vulnerable TRENDnet TN-200 device (firmware version 1.02b02, running Lighttpd) and attempts to use the hard-coded secret 'neV3rUseMe' in the 'secdownload.secret' argument. Network monitoring tools can be used to detect HTTP requests containing this parameter with the known hard-coded value; for example, tcpdump or Wireshark can filter HTTP traffic for 'secdownload.secret=neV3rUseMe'. A sample tcpdump command could be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'secdownload.secret=neV3rUseMe'. Additionally, scanning the network for devices with the specific firmware version or Lighttpd version may help identify vulnerable systems. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected TRENDnet TN-200 device with an alternative product, as no known countermeasures or patches are currently available. Restricting network access to the device, especially blocking external HTTP access, can reduce exposure. Monitoring for suspicious requests exploiting the hardcoded secret and disabling or isolating the vulnerable Lighttpd service if possible are also recommended. Since the vendor has not provided a response or patch, migration away from the vulnerable device is the advised course of action. [2]
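The detection and mitigation answers above both turn on the same setting: the 'secdownload.secret' value in the Lighttpd configuration. The following script is an added example written for this page; it is not code from BaseFortify, VulDB or TRENDnet. It audits a lighttpd configuration text for the hard-coded value quoted on the page ('neV3rUseMe') and for secrets that fall below a length threshold, and it shows how an operator who can edit the configuration would replace the key with a freshly generated random one. The 32-character minimum is an assumed local policy, the sample configuration is constructed for the example, and the page itself notes that no vendor patch exists, so whether the configuration on a real TN-200 can be edited at all is an assumption the reader must verify on the device.

```python
import re
import secrets
from typing import Dict, List, Optional

# Hard-coded value quoted on the page for CVE-2025-8759.
KNOWN_HARDCODED_SECRETS = {"neV3rUseMe"}
# Assumed local policy: anything shorter than this is flagged as weak.
MIN_SECRET_LENGTH = 32

# Matches a lighttpd line such as:  secdownload.secret = "value"
# [ \t]* rather than \s* so the match never swallows a preceding newline
# and the reported line number stays exact.
_SECRET_RE = re.compile(r'^[ \t]*secdownload\.secret[ \t]*=[ \t]*"([^"]*)"', re.MULTILINE)

# Constructed sample configuration for the example (paths are placeholders).
WEAK_CONFIG = (
    'server.modules += ( "mod_secdownload" )\n'
    'secdownload.enable = "enable"\n'
    'secdownload.secret = "neV3rUseMe"\n'
    'secdownload.document-root = "/srv/protected/"\n'
    'secdownload.uri-prefix = "/dl/"\n'
    'secdownload.timeout = 600\n'
)


def audit_secdownload(config_text: str) -> List[Dict[str, object]]:
    """Return one finding per weak secdownload.secret directive in config_text."""
    findings: List[Dict[str, object]] = []
    for match in _SECRET_RE.finditer(config_text):
        secret = match.group(1)
        line_no = config_text.count("\n", 0, match.start()) + 1
        if secret in KNOWN_HARDCODED_SECRETS:
            findings.append({
                "line": line_no,
                "severity": "critical",
                "reason": "known hard-coded secret (CVE-2025-8759)",
            })
        elif len(secret) < MIN_SECRET_LENGTH:
            findings.append({
                "line": line_no,
                "severity": "high",
                "reason": f"secret shorter than {MIN_SECRET_LENGTH} characters",
            })
    return findings


def generate_secret() -> str:
    """Generate a unique, random secret (64 URL-safe characters from 48 random bytes)."""
    return secrets.token_urlsafe(48)


def harden_config(config_text: str, new_secret: Optional[str] = None) -> str:
    """Replace every secdownload.secret directive with new_secret (or a generated one)."""
    chosen = new_secret if new_secret is not None else generate_secret()
    # A callable replacement avoids backslash/group interpretation of the new value.
    return _SECRET_RE.sub(lambda _m: f'secdownload.secret = "{chosen}"', config_text)


if __name__ == "__main__":
    # Usage: audit the constructed config, then show the hardened version.
    # On a real system read the device's lighttpd.conf instead (path is device-specific).
    for finding in audit_secdownload(WEAK_CONFIG):
        print(f"line {finding['line']}: [{finding['severity']}] {finding['reason']}")
    print("after rotation:", audit_secdownload(harden_config(WEAK_CONFIG)))
```

Rotating the secret only helps if the new value is unique per device and never shipped in firmware; a random per-device key generated at install time is the property CWE-321 asks for. Where the configuration cannot be changed, the page's advice stands: restrict HTTP exposure and plan a migration.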