Hardcoded Password Vulnerability in TRENDnet TEW-929DRU Router
CVE-2025-25428

8HIGH

Key Information:

Vendor: TRENDnet
Status: TEW-929DRU
Vendor: CVE Published:; 28 February 2025

What is CVE-2025-25428?

The TRENDnet TEW-929DRU router version 1.0.0.10 is found to have a vulnerability due to a hardcoded password located in the /etc/shadow file. This flaw allows attackers to gain root access to the device, potentially enabling them to execute arbitrary commands and compromise the security of the network. Users of this router model should take immediate action to secure their devices and mitigate potential risks.

References

https://instinctive-acapella-fc7.notion.site/Trendnet-TEW...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Feb 7, 2025