Injection de code via le téléversement de configuration
Plateforme
other
Composant
tc-router-3002t-3g
Corrigé dans
3.08.8
3.08.8
3.08.8
3.08.8
1.06.23
3.08.8
3.08.8
3.08.8
3.07.7
3.08.8
3.07.7
CVE-2025-41717 describes a critical code injection vulnerability affecting the TC ROUTER 3002T-3G. An attacker can exploit this flaw to upload and execute malicious code, ultimately gaining root access to the device. This vulnerability impacts versions 0.0.0 through 3.08.8. A patch is available in version 3.08.8.
Impact et Scénarios d'Attaquetraduction en cours…
The impact of this vulnerability is severe. Successful exploitation allows an unauthenticated attacker to upload arbitrary code to the TC ROUTER 3002T-3G as the root user. This grants complete control over the device, enabling attackers to modify configurations, steal sensitive data, install malware, and potentially pivot to other systems on the network. The lack of authentication required for the upload makes this vulnerability particularly dangerous, as it can be exploited remotely without any prior credentials. The resulting loss of confidentiality, availability, and integrity poses a significant risk to organizations relying on these routers.
Contexte d'Exploitationtraduction en cours…
CVE-2025-41717 was publicly disclosed on January 13, 2026. The vulnerability's ease of exploitation, combined with the potential for root access, suggests a medium probability of exploitation. Currently, there are no publicly known active campaigns targeting this vulnerability, but the availability of a public proof-of-concept could change this. It is not currently listed on the CISA KEV catalog.
Qui Est à Risquetraduction en cours…
Organizations deploying TC ROUTER 3002T-3G devices, particularly those in environments with limited network segmentation, are at significant risk. Shared hosting environments where multiple users share a single router are also vulnerable, as a compromise of one user's account could potentially lead to a compromise of the entire router.
Étapes de Détectiontraduction en cours…
• windows / supply-chain: Monitor network traffic for POST requests to the config-upload endpoint. Examine scheduled tasks for suspicious entries created after a potential compromise.
• linux / server: Use journalctl to filter for log entries related to file uploads and code execution. Implement auditd rules to monitor access to the config-upload endpoint.
• generic web: Use curl to test the config-upload endpoint with a benign payload and verify that the upload is rejected or handled securely. Check access logs for unusual activity related to the endpoint.
Chronologie de l'Attaque
- Disclosure
disclosure
Renseignement sur les Menaces
Statut de l'Exploit
EPSS
0.05% (percentile 15%)
CISA SSVC
Vecteur CVSS
Que signifient ces métriques?
- Attack Vector
- Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
- Attack Complexity
- Faible — aucune condition spéciale requise. Exploitable de manière fiable.
- Privileges Required
- Aucun — sans authentification. Aucune identifiant requis pour exploiter.
- User Interaction
- Requise — la victime doit ouvrir un fichier, cliquer sur un lien ou visiter une page.
- Scope
- Inchangé — impact limité au composant vulnérable.
- Confidentiality
- Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
- Integrity
- Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
- Availability
- Élevé — panne complète ou épuisement des ressources. Déni de service total.
Logiciel Affecté
Classification de Faiblesse (CWE)
Chronologie
- Réservé
- Publiée
- Modifiée
- EPSS mis à jour
Mitigation et Contournementstraduction en cours…
The primary mitigation for CVE-2025-41717 is to immediately upgrade the TC ROUTER 3002T-3G to version 3.08.8 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the config-upload endpoint using a firewall or access control list (ACL). Monitoring network traffic for suspicious uploads to the endpoint can also help detect potential exploitation attempts. After upgrading, verify the fix by attempting to upload a benign test file through the config-upload endpoint and confirming that the upload is rejected or handled securely.
Comment corrigertraduction en cours…
Actualice el firmware del TC ROUTER 3002T-3G a la versión 3.08.8 o superior. Esto corrige la vulnerabilidad de inyección de código. Descargue la última versión del firmware desde el sitio web oficial de Phoenix Contact.
Newsletter Sécurité CVE
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
Questions fréquentestraduction en cours…
What is CVE-2025-41717 — Code Injection in TC ROUTER 3002T-3G?
CVE-2025-41717 is a critical vulnerability allowing unauthenticated attackers to upload and execute malicious code on the TC ROUTER 3002T-3G, potentially gaining root access.
Am I affected by CVE-2025-41717 in TC ROUTER 3002T-3G?
If you are using TC ROUTER 3002T-3G versions 0.0.0 through 3.08.8, you are potentially affected by this vulnerability.
How do I fix CVE-2025-41717 in TC ROUTER 3002T-3G?
Upgrade your TC ROUTER 3002T-3G to version 3.08.8 or later to resolve the vulnerability. Consider temporary workarounds like firewall restrictions if immediate upgrade is not possible.
Is CVE-2025-41717 being actively exploited?
Currently, there are no publicly known active campaigns targeting this vulnerability, but the ease of exploitation warrants caution.
Where can I find the official TC ROUTER advisory for CVE-2025-41717?
Refer to the official TC ROUTER security advisory for detailed information and updates regarding CVE-2025-41717.
Ton projet est-il affecté ?
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.