Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

TRENDnet TN-200 Hard-Coded Cryptographic Key Vulnerability

Vulnerability

Exploited

A vulnerability exists in the TRENDnet TN-200 NAS device running version 1.02b02, related to the Lighttpd component. The issue arises from the secdownload.secret argument, which can be manipulated to use a hard-coded cryptographic key. This vulnerability allows remote attackers to forge secure download links, gaining unauthorized access to protected files on the NAS. The exploitation of this vulnerability is considered difficult, but a public exploit is available.

Impact

Exploitation of this vulnerability could lead to unauthorized access to protected files on the NAS device, by allowing attackers to forge valid secure download links.

Added: Aug 9, 2025, 5:17 PM

Updated: Aug 9, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

10.0

remediation

0.0

relevance

0.3

threat

8.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

10.0

remediation

0.0

relevance

0.3

threat

8.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

TRENDnet TN-200 Hard-Coded Cryptographic Key Vulnerability

Vulnerability

Impact

Affected Products

TRENDnet TN-200

Lighttpd

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating