exploitDog

CVE-2025-44647

Опубликовано: 21 июл. 2025

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.

Ссылки

http://tew-wlc100p.com
Broken Link
https://gist.github.com/TPCchecker/18c32439ed13feaed99f8229d1749892
Broken Link
https://www.notion.so/CVE-2025-44647-24754a1113e780b0a130d4439861bf3c
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tew-wlc100p_firmware:2.03b03:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-wlc100p:-:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

7.3 High

CVSS3

Дефекты

CWE-1188

Связанные уязвимости

GHSA-4gcv-68wg-8j74

CVSS3: 7.3

github

7 месяцев назад

In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.

EPSS

Процентиль: 19%

0.0006

Низкий

7.3 High

CVSS3

Дефекты

CWE-1188