Search criteria
2 vulnerabilities by TrendMakers
CVE-2025-6522 (GCVE-0-2025-6522)
Vulnerability from cvelistv5 – Published: 2025-06-27 17:09 – Updated: 2025-06-27 18:33
VLAI?
Title
TrendMakers Sight Bulb Pro Command Injection
Summary
Unauthenticated users on an adjacent network with the Sight Bulb Pro can
run shell commands as root through a vulnerable proprietary TCP
protocol available on Port 16668. This vulnerability allows an attacker
to run arbitrary commands on the Sight Bulb Pro by passing a well formed
JSON string.
Severity ?
5.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TrendMakers | Sight Bulb Pro Firmware ZJ_CG32-2201 |
Affected:
0 , ≤ 8.57.83
(custom)
|
Credits
Fahim Balouch reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T18:33:21.296679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T18:33:29.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sight Bulb Pro Firmware ZJ_CG32-2201",
"vendor": "TrendMakers",
"versions": [
{
"lessThanOrEqual": "8.57.83",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fahim Balouch reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauthenticated users on an adjacent network with the Sight Bulb Pro can\n run shell commands as root through a vulnerable proprietary TCP \nprotocol available on Port 16668. This vulnerability allows an attacker \nto run arbitrary commands on the Sight Bulb Pro by passing a well formed\n JSON string."
}
],
"value": "Unauthenticated users on an adjacent network with the Sight Bulb Pro can\n run shell commands as root through a vulnerable proprietary TCP \nprotocol available on Port 16668. This vulnerability allows an attacker \nto run arbitrary commands on the Sight Bulb Pro by passing a well formed\n JSON string."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:09:33.801Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02"
},
{
"url": "https://www.trendmakerscares.com/Customer-Service-Hours"
}
],
"source": {
"advisory": "ICSA-25-177-02",
"discovery": "EXTERNAL"
},
"title": "TrendMakers Sight Bulb Pro Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TrendMakers did not respond to CISA\u0027s request for coordination. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.trendmakerscares.com/Customer-Service-Hours\"\u003eContact TrendMakers\u003c/a\u003e directly for more information.\n\n\u003cbr\u003e"
}
],
"value": "TrendMakers did not respond to CISA\u0027s request for coordination. Contact TrendMakers https://www.trendmakerscares.com/Customer-Service-Hours directly for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-6522",
"datePublished": "2025-06-27T17:09:33.801Z",
"dateReserved": "2025-06-23T13:38:00.806Z",
"dateUpdated": "2025-06-27T18:33:29.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6521 (GCVE-0-2025-6521)
Vulnerability from cvelistv5 – Published: 2025-06-27 17:06 – Updated: 2025-06-27 17:29
VLAI?
Title
TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm
Summary
During the initial setup of the device the user connects to an access
point broadcast by the Sight Bulb Pro. During the negotiation, AES
Encryption keys are passed in cleartext. If captured, an attacker may be
able to decrypt communications between the management app and the Sight
Bulb Pro which may include sensitive information such as network
credentials.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TrendMakers | Sight Bulb Pro Firmware ZJ_CG32-2201 |
Affected:
0 , ≤ 8.57.83
(custom)
|
Credits
Fahim Balouch reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T17:22:26.899939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:29:48.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sight Bulb Pro Firmware ZJ_CG32-2201",
"vendor": "TrendMakers",
"versions": [
{
"lessThanOrEqual": "8.57.83",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fahim Balouch reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During the initial setup of the device the user connects to an access \npoint broadcast by the Sight Bulb Pro. During the negotiation, AES \nEncryption keys are passed in cleartext. If captured, an attacker may be\n able to decrypt communications between the management app and the Sight\n Bulb Pro which may include sensitive information such as network \ncredentials."
}
],
"value": "During the initial setup of the device the user connects to an access \npoint broadcast by the Sight Bulb Pro. During the negotiation, AES \nEncryption keys are passed in cleartext. If captured, an attacker may be\n able to decrypt communications between the management app and the Sight\n Bulb Pro which may include sensitive information such as network \ncredentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:06:55.087Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02"
},
{
"url": "https://www.trendmakerscares.com/Customer-Service-Hours"
}
],
"source": {
"advisory": "ICSA-25-177-02",
"discovery": "EXTERNAL"
},
"title": "TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TrendMakers did not respond to CISA\u0027s request for coordination. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.trendmakerscares.com/Customer-Service-Hours\"\u003eContact TrendMakers\u003c/a\u003e directly for more information.\n\n\u003cbr\u003e"
}
],
"value": "TrendMakers did not respond to CISA\u0027s request for coordination. Contact TrendMakers https://www.trendmakerscares.com/Customer-Service-Hours directly for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-6521",
"datePublished": "2025-06-27T17:06:55.087Z",
"dateReserved": "2025-06-23T13:37:59.789Z",
"dateUpdated": "2025-06-27T17:29:48.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}