Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

tew-wlc100p_firmware

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2025-44647
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 16.08%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 00:00
Updated-07 Aug, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-wlc100ptew-wlc100p_firmwaren/a
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-44649
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.63%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 00:00
Updated-07 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in negotiating security parameters.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-wlc100ptew-wlc100p_firmwaren/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information