CVE-2025-5870

HIGH

TRENDnet TV-IP121W 1.1.1 Build 36 - Auth Bypass

Title source: llm

Description

A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry

https://vuldb.com/?id.311629

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.311629

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.585435

Various Sources exploit

https://github.com/zeke2997/CVE_request_TRENDnet

View Writeup ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (1)

TRENDnet/TV-IP121W 1.1.1 Build 36

Published Jun 09, 2025

Tracked Since Feb 18, 2026