Least Privilege Violation in TRENDnet TV-IP110WN Embedded Boa Web Server
CVE-2025-8757

7.3HIGH

Key Information:

Vendor: Trendnet
Status: Tv-ip110wn
Vendor: CVE Published:; 9 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8757?

A vulnerability has been identified in the TRENDnet TV-IP110WN version 1.2.2 specifically related to the file /server/boa.conf of the Embedded Boa Web Server. Exploiting this issue requires local access, and it pertains to a least privilege violation, which allows unauthorized escalation of user privileges. The attack complexity is considered high, making exploitation difficult. While the vendor was informed of this issue, no response was received. As a result, the potential for public exploitation exists, raising concerns for users of this device.

Affected Version(s)

TV-IP110WN 1.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8757 - Proof of Concept

References

https://vuldb.com/?id.319262

vdb-entry

https://vuldb.com/?ctiid.319262

signaturepermissions-required

https://vuldb.com/?submit.624257

third-party-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 9, 2025
👾
Exploit known to exist
Aug 9, 2025
Vulnerability published
Aug 9, 2025
Vulnerability Reserved
Aug 8, 2025

Credit

TPCHECKER (VulDB User)

Trendnet

Badges

What is CVE-2025-8757?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit