IKEv1 Aggressive Mode Vulnerability in TRENDnet Wireless Controller
CVE-2025-44647

7.3HIGH

Key Information:

Vendor: TRENDnet
Status: TEW-WLC100P
Vendor: CVE Published:; 21 July 2025

What is CVE-2025-44647?

The TRENDnet TEW-WLC100P version 2.03b03 contains a vulnerability where the option allowing IKE Responders to utilize IKEv1 Aggressive Mode with Pre-Shared Keys (PSK) is activated. This configuration flaw exposes the system to potential offline attacks, enabling malicious actors to exploit the non-secure transmission of PSK hashes, thereby compromising the integrity of the wireless communication.

References

http://tew-wlc100p.com

https://gist.github.com/TPCchecker/18c32439ed13feaed99f82...

https://www.notion.so/CVE-2025-44647-24754a1113e780b0a130...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Apr 22, 2025

JSON