Cyber Posture

CVE-2025-25428

High · Public PoC

Published: 28 February 2025
Modified: 21 May 2025
KEV Added: not listed
CVSS Score: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (percentile 15.1)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25428 is a high-severity Use of Hard-coded Password (CWE-259) vulnerability in TRENDnet TEW-929DRU firmware. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 15.1 percentile by EPSS exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and two other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

IA-5 Authenticator Management (prevent): Directly requires management of system authenticators, including changing defaults, establishing strength, and protecting content, to prevent hardcoded root passwords in files like /etc/shadow.

SI-2 Flaw Remediation (prevent, recover): Mandates timely identification, reporting, prioritization, and remediation of flaws such as hardcoded passwords via firmware updates.

Configuration settings control (prevent): Enforces establishment and monitoring of secure configuration settings that prohibit hardcoded credentials in router firmware components.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1078.003 Local Accounts (tactic: Stealth)
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1552.001 Credentials In Files (tactic: Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

The hardcoded password in /etc/shadow allows attackers with low privileges to authenticate as root, enabling privilege escalation (T1068), use of local accounts (T1078.003), and exploitation of unsecured credentials in files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Deeper analysis [AI-generated]

CVE-2025-25428 is a hardcoded password vulnerability in the TRENDnet TEW-929DRU router running firmware version 1.0.0.10. The flaw exists in the /etc/shadow file, which contains a static password that permits unauthorized root login. This issue, classified under CWE-259 (Use of Hard-coded Password), was published on 2025-02-28 and carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete device compromise.

Attackers with adjacent network access (AV:A) and low privileges (PR:L), such as limited user access, can exploit this vulnerability with low complexity and no user interaction required. Upon successful authentication using the hardcoded password, attackers gain root privileges, enabling high-impact confidentiality breaches (e.g., data exfiltration), integrity violations (e.g., configuration changes), and availability disruptions (e.g., denial of service), effectively providing full control over the affected router.

Mitigation details are available in the referenced advisory at https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-Hardcoded-password-17815d9d4d2680d5a2becf32425d93fd, which documents the hardcoded password discovery in the TRENDnet TEW-929DRU.
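A firmware-audit check for the condition this advisory describes, added here as an example and not code from the advisory, the referenced write-up or TRENDnet: it parses the /etc/shadow file of an extracted root filesystem, classifies each account's password field by crypt(3) hash type, and reports the accounts (root above all) that ship with a usable password rather than a locked one. The sample shadow content is constructed with a placeholder hash; no real device credential is used.

```python
# Added example (not advisory or vendor code): audit an /etc/shadow file taken
# from an extracted firmware image and report accounts that ship with a usable
# password. The sample shadow content below is constructed, not the real file.
from typing import Dict, List, Tuple

# crypt(3) hash prefixes -> algorithm. Legacy DES hashes carry no prefix.
HASH_PREFIXES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
                 "$2y$": "bcrypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
                 "$y$": "yescrypt"}


def classify_hash(field: str) -> Tuple[str, bool]:
    """Return (algorithm, usable) for one shadow password field.

    usable=True means the field can authenticate a login: any real hash, or an
    empty field. A leading '*' or '!' marks a locked/disabled account.
    """
    if field == "":
        return "empty (login without password)", True
    if field[0] in "*!":
        return "locked", False
    for prefix, name in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return name, True
    if len(field) == 13 and "$" not in field:
        return "descrypt", True
    return "unknown", True


def audit_shadow(text: str) -> Dict[str, Tuple[str, bool]]:
    """Map each account in the shadow text to (algorithm, usable)."""
    result = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue  # blank, comment or malformed entry
        result[fields[0]] = classify_hash(fields[1])
    return result


def shipped_logins(text: str) -> List[str]:
    """Accounts the image ships with a usable password; a root hit is this CVE's condition."""
    return sorted(u for u, (_, usable) in audit_shadow(text).items() if usable)


# Constructed sample: root with a placeholder md5crypt-format hash, a locked
# daemon account, a disabled nobody account and a passwordless admin account.
SAMPLE_SHADOW = """root:$1$saltsalt$PLACEHOLDERHASHNOTREAL0000:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
nobody:!:19000:0:99999:7:::
admin::19000:0:99999:7:::
"""
```

Run `shipped_logins()` over the shadow file of each firmware build under review; any entry for root, or an md5crypt/descrypt hash on any account, is the finding that IA-5 and SI-2 above are meant to prevent and remediate.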

Details

CWE(s): CWE-259 (Use of Hard-coded Password)

Affected Products: TRENDnet TEW-929DRU firmware, version 1.0.0.10

CVEs Like This One

CVE-2025-15136 (same vendor: TRENDnet)
CVE-2025-70802 (shared CWE-259)
CVE-2025-15139 (same vendor: TRENDnet)
CVE-2026-5184 (same vendor: TRENDnet)
CVE-2025-15472 (same vendor: TRENDnet)
CVE-2026-5183 (same vendor: TRENDnet)
CVE-2026-5351 (same vendor: TRENDnet)
CVE-2026-5349 (same vendor: TRENDnet)
CVE-2025-15137 (same vendor: TRENDnet)
CVE-2024-57590 (same vendor: TRENDnet)
