Improper Authentication in TRENDnet TV-IP121W Web Interface
CVE-2025-5870

6.9MEDIUM

Key Information:

Vendor: Trendnet
Status: Tv-ip121w
Vendor: CVE Published:; 9 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-5870?

A vulnerability exists in the TRENDnet TV-IP121W model due to improper authentication within the web interface's setup.cgi file. This flaw allows attackers to remotely exploit the device by bypassing authentication mechanisms, potentially compromizing the device's security. Despite early notifications to the vendor, no response has been received to address this critical issue, leaving users at risk. The vulnerability is publicly disclosed and could be utilized in attacks, emphasizing the need for immediate awareness and preventive measures.

Affected Version(s)

TV-IP121W 1.1.1 Build 36

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-5870 - Proof of Concept

References

https://vuldb.com/?id.311629

vdb-entry

https://vuldb.com/?ctiid.311629

signaturepermissions-required

https://vuldb.com/?submit.585435

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 9, 2025
👾
Exploit known to exist
Jun 9, 2025
Vulnerability published
Jun 9, 2025
Vulnerability Reserved
Jun 8, 2025

Credit

zeke (VulDB User)

Trendnet