CVE-2025-8731
Published: 08 August 2025
Summary
CVE-2025-8731 is a critical-severity Use of Default Credentials (CWE-1392) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 48.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
IA-5 requires management and distribution of authenticators, prohibiting the use of default credentials in the SSH service to prevent remote exploitation.
AC-2 mandates account management processes to disable or remove unnecessary default accounts like root in the SSH service, directly addressing the vulnerability.
CM-6 establishes and enforces secure configuration settings that eliminate default credentials in SSH services on affected TRENDnet devices.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Direct use of default credentials (CWE-1392) on the SSH service enables Valid Accounts abuse, specifically Default Accounts, for remote compromise.
NVD Description
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid."
Deeper analysis [AI]
CVE-2025-8731 involves the use of default credentials in an unspecified part of the SSH service on the TRENDnet TI-G160i, TI-PG102i and TPL-430AP, affecting firmware up to 20250724. It is classified under CWE-1392 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), and the attack can be initiated remotely.
An attacker with network access needs no prior privileges, user interaction or special conditions. The scored impact on confidentiality, integrity and availability is high: logging in with the default credentials could give full remote compromise of the affected devices.
Vendor advisories note that remote management is disabled by default on TI-PG102i and TI-G160i, with the root account intended for troubleshooting and its password encrypted; the vendor plans to remove this account in the next firmware release. For TPL-430AP, the initial setup requires users to set a management GUI password, after which the default password becomes invalid. The existence of the vulnerability is currently doubted, though an exploit has been publicly disclosed.
Exploitation details are available in referenced sources, including a GitHub PDF documenting vulnerabilities in TPL-430AP firmware 1.0.1 and VulDB entries, but no confirmed real-world exploitation is reported.
Details
- CWE(s)