Skip to main content

TRENDnet TV-IP121W CVE-2025-5870

| EUVDEUVD-2025-17444 MEDIUM
Improper Authentication (CWE-287)
2025-06-09 cna@vuldb.com
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 29, 2026 - 01:11 NVD
HIGH MEDIUM
CVSS changed
Apr 29, 2026 - 01:11 NVD
7.3 (HIGH) 5.5 (MEDIUM)
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17444
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
CVE Published
Jun 09, 2025 - 09:15 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Critical authentication bypass vulnerability in TRENDnet TV-IP121W IP camera (version 1.1.1 Build 36) affecting the /admin/setup.cgi web interface endpoint. An unauthenticated remote attacker can bypass authentication controls to gain unauthorized administrative access, potentially allowing unauthorized configuration changes, data theft, or device compromise. A public exploit has been disclosed, the vendor has not responded to early disclosure, and the vulnerability exhibits moderate real-world exploitation probability given its network-accessible nature and lack of authentication requirements.

Technical ContextAI

The vulnerability resides in improper authentication mechanisms (CWE-287: Improper Authentication) within the TRENDnet TV-IP121W IP camera's CGI-based web administration interface. The /admin/setup.cgi endpoint fails to properly validate user credentials or session tokens before processing administrative requests. IP cameras in this product line typically run embedded web servers (often lighttpd or similar) to deliver configuration interfaces; this vulnerability suggests insufficient access control checks in the CGI script handling administrative setup operations. The affected CPE is likely 'cpe:2.7.a:trendnet:tv-ip121w:1.1.1' with specific build 36. CWE-287 indicates the root cause is the lack of proper credential verification, potentially allowing direct access to privileged functions without prior successful authentication.

Share

CVE-2025-5870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy