CVE-2025-25428
Published: 28 February 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2025-25428 is a hardcoded password vulnerability in the TRENDnet TEW-929DRU router running firmware version 1.0.0.10. The flaw exists in the /etc/shadow file, which contains a static password that permits unauthorized root login. This issue, classified under CWE-259 (Use of Hard-coded Password), was published on 2025-02-28 and carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete device compromise.
Attackers with adjacent network access (AV:A) and low privileges (PR:L), such as limited user access, can exploit this vulnerability with low complexity and no user interaction required. Upon successful authentication using the hardcoded password, attackers gain root privileges, enabling high-impact confidentiality breaches (e.g., data exfiltration), integrity violations (e.g., configuration changes), and availability disruptions (e.g., denial of service), effectively providing full control over the affected router.
Mitigation details are available in the referenced advisory at https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-Hardcoded-password-17815d9d4d2680d5a2becf32425d93fd, which documents the hardcoded password discovery in the TRENDnet TEW-929DRU.
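The flaw described above is a password entry for root baked into the firmware's /etc/shadow, so one way to catch it during firmware review is to parse the shadow file from an unpacked image and report every entry that accepts a password. The following is an added example, not code from the advisory or the vendor; the function name `audit_shadow` is hypothetical and the sample entries are constructed placeholders, not values from the TEW-929DRU image.

```python
"""Flag accounts in a firmware image's /etc/shadow that accept a password."""

# crypt(3) scheme ids found between the first two "$" of a hash field.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

# Constructed sample, NOT taken from the TEW-929DRU image; hashes are placeholders.
SAMPLE = """\
root:$1$CONSTRUC$PlaceholderHashNotReal:18000:0:99999:7:::
admin::18000:0:99999:7:::
support:abCONSTRUCTED:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
nobody:!$6$salt$lockedplaceholder:18000:0:99999:7:::
"""


def audit_shadow(text):
    """Return one finding per entry whose password field permits a login."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#") or not fields[0]:
            continue  # blank, comment, or malformed line
        user, pw = fields[0], fields[1]
        if pw == "":
            issue, scheme = "empty password", None
        elif pw.startswith("$") and pw.count("$") >= 3:
            issue, scheme = "static hash", SCHEMES.get(pw.split("$")[1], "unknown")
        elif len(pw) == 13 and pw[0] not in "!*":
            issue, scheme = "static hash", "descrypt"  # legacy 13-char DES crypt
        else:
            continue  # "!", "*", "!<hash>", "x": no password can match
        findings.append({"line": lineno, "user": user, "issue": issue,
                         "scheme": scheme,
                         # shadow carries no UID; check passwd for other UID 0 names
                         "root": user == "root"})
    return findings


if __name__ == "__main__":
    for f in audit_shadow(SAMPLE):
        print(f)
```

Any finding for a file shipped inside a firmware image means every device flashed with that image shares the same credential, which is the CWE-259 condition this entry describes.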
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The hardcoded password in /etc/shadow allows attackers with low privileges to authenticate as root, enabling privilege escalation (T1068), use of local accounts (T1078.003), and exploitation of unsecured credentials in files (T1552.001).