Config-Upload Code Injectie
Platform
other
Component
tc-router-3002t-3g
Opgelost in
3.08.8
3.08.8
3.08.8
3.08.8
1.06.23
3.08.8
3.08.8
3.08.8
3.07.7
3.08.8
3.07.7
CVE-2025-41717 describes a critical code injection vulnerability affecting the TC ROUTER 3002T-3G. An attacker can exploit this flaw to upload and execute malicious code, ultimately gaining root access to the device. This vulnerability impacts versions 0.0.0 through 3.08.8. A patch is available in version 3.08.8.
Impact en Aanvalsscenarioswordt vertaald…
The impact of this vulnerability is severe. Successful exploitation allows an unauthenticated attacker to upload arbitrary code to the TC ROUTER 3002T-3G as the root user. This grants complete control over the device, enabling attackers to modify configurations, steal sensitive data, install malware, and potentially pivot to other systems on the network. The lack of authentication required for the upload makes this vulnerability particularly dangerous, as it can be exploited remotely without any prior credentials. The resulting loss of confidentiality, availability, and integrity poses a significant risk to organizations relying on these routers.
Uitbuitingscontextwordt vertaald…
CVE-2025-41717 was publicly disclosed on January 13, 2026. The vulnerability's ease of exploitation, combined with the potential for root access, suggests a medium probability of exploitation. Currently, there are no publicly known active campaigns targeting this vulnerability, but the availability of a public proof-of-concept could change this. It is not currently listed on the CISA KEV catalog.
Wie Loopt Risicowordt vertaald…
Organizations deploying TC ROUTER 3002T-3G devices, particularly those in environments with limited network segmentation, are at significant risk. Shared hosting environments where multiple users share a single router are also vulnerable, as a compromise of one user's account could potentially lead to a compromise of the entire router.
Detectiestappenwordt vertaald…
• windows / supply-chain: Monitor network traffic for POST requests to the config-upload endpoint. Examine scheduled tasks for suspicious entries created after a potential compromise.
• linux / server: Use journalctl to filter for log entries related to file uploads and code execution. Implement auditd rules to monitor access to the config-upload endpoint.
• generic web: Use curl to test the config-upload endpoint with a benign payload and verify that the upload is rejected or handled securely. Check access logs for unusual activity related to the endpoint.
Aanvalstijdlijn
- Disclosure
disclosure
Dreigingsinformatie
Exploit Status
EPSS
0.05% (15% percentiel)
CISA SSVC
CVSS-vector
Wat betekenen deze metrics?
- Attack Vector
- Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
- Attack Complexity
- Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
- Privileges Required
- Geen — geen authenticatie vereist om te exploiteren.
- User Interaction
- Vereist — slachtoffer moet een bestand openen, op een link klikken of een pagina bezoeken.
- Scope
- Ongewijzigd — impact beperkt tot het kwetsbare component.
- Confidentiality
- Hoog — volledig verlies van vertrouwelijkheid. Aanvaller kan alle gegevens lezen.
- Integrity
- Hoog — aanvaller kan alle gegevens schrijven, aanpassen of verwijderen.
- Availability
- Hoog — volledige crash of uitputting van resources. Totale denial of service.
Getroffen Software
Zwakheidsclassificatie (CWE)
Tijdlijn
- Gereserveerd
- Gepubliceerd
- Gewijzigd
- EPSS bijgewerkt
Mitigatie en Workaroundswordt vertaald…
The primary mitigation for CVE-2025-41717 is to immediately upgrade the TC ROUTER 3002T-3G to version 3.08.8 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the config-upload endpoint using a firewall or access control list (ACL). Monitoring network traffic for suspicious uploads to the endpoint can also help detect potential exploitation attempts. After upgrading, verify the fix by attempting to upload a benign test file through the config-upload endpoint and confirming that the upload is rejected or handled securely.
Hoe te verhelpenwordt vertaald…
Actualice el firmware del TC ROUTER 3002T-3G a la versión 3.08.8 o superior. Esto corrige la vulnerabilidad de inyección de código. Descargue la última versión del firmware desde el sitio web oficial de Phoenix Contact.
CVE Beveiligingsnieuwsbrief
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
Veelgestelde vragenwordt vertaald…
What is CVE-2025-41717 — Code Injection in TC ROUTER 3002T-3G?
CVE-2025-41717 is a critical vulnerability allowing unauthenticated attackers to upload and execute malicious code on the TC ROUTER 3002T-3G, potentially gaining root access.
Am I affected by CVE-2025-41717 in TC ROUTER 3002T-3G?
If you are using TC ROUTER 3002T-3G versions 0.0.0 through 3.08.8, you are potentially affected by this vulnerability.
How do I fix CVE-2025-41717 in TC ROUTER 3002T-3G?
Upgrade your TC ROUTER 3002T-3G to version 3.08.8 or later to resolve the vulnerability. Consider temporary workarounds like firewall restrictions if immediate upgrade is not possible.
Is CVE-2025-41717 being actively exploited?
Currently, there are no publicly known active campaigns targeting this vulnerability, but the ease of exploitation warrants caution.
Where can I find the official TC ROUTER advisory for CVE-2025-41717?
Refer to the official TC ROUTER security advisory for detailed information and updates regarding CVE-2025-41717.
Is jouw project getroffen?
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.