A critical vulnerability has been identified in multiple TRENDnet networking products, including industrial switches and access points. This flaw, with the highest possible severity rating, allows a remote, unauthenticated attacker to gain complete control over affected devices by exploiting the SSH service. Successful exploitation could lead to a full network compromise, data interception, and widespread service disruption.

This critical vulnerability exists within the SSH service of the affected TRENDnet devices. A remote attacker can send a specially crafted request to the device's SSH port (TCP/22) to trigger the vulnerability. Based on the 9.8 CVSS score, this is likely a pre-authentication remote code execution (RCE) flaw, such as a buffer overflow or command injection, which does not require any valid credentials. A successful exploit would grant the attacker root-level administrative access to the underlying operating system of the device.

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a complete loss of confidentiality, integrity, and availability of the affected device. As these devices are core network infrastructure components, their compromise could have severe business consequences. An attacker could pivot from the compromised device to the internal network, intercept sensitive network traffic (man-in-the-middle attacks), deploy ransomware, exfiltrate data, or cause a complete network outage, leading to significant financial and reputational damage.

Immediate Action: Immediately apply the latest firmware updates released by TRENDnet to all affected devices (TI-G160i, TI-PG102i, TPL-430AP) to patch the vulnerability. Following the update, monitor for any signs of post-remediation exploitation attempts and review SSH access logs for unusual connection patterns or error messages that occurred prior to patching.

Proactive Monitoring: Organizations should actively monitor network traffic and logs for indicators of compromise. This includes looking for unusual or unauthorized SSH connection attempts from unknown IP addresses in firewall and device logs, unexpected reboots or crashes of TRENDnet devices, anomalous outbound traffic originating from these devices, and any unauthorized configuration changes.

Compensating Controls: If patching cannot be performed immediately, implement the following compensating controls to reduce the risk of exploitation:

• Use a firewall or Access Control Lists (ACLs) to restrict network access to the SSH management interface (TCP port 22) to a trusted management network or specific, authorized IP addresses.
• If SSH is not essential for remote management, disable the service entirely on the affected devices.
• Deploy an Intrusion Prevention System (IPS) with signatures capable of detecting and blocking attempts to exploit this vulnerability.

Public Exploit Available: False (as of Aug 8, 2025)

Given the critical severity (CVSS 9.8) of this vulnerability and its impact on essential network infrastructure, immediate action is required. Although this CVE is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its characteristics make it a prime target for future exploitation. We strongly recommend that all organizations identify affected TRENDnet devices within their environment and apply the vendor-supplied firmware updates with the highest priority. If patching is delayed for any reason, the compensating controls, particularly restricting access to the SSH service, must be implemented immediately as an interim mitigation.