Plataforma
other
Componente
tc-router-3002t-3g
Corrigido em
3.08.8
3.08.8
3.08.8
3.08.8
1.06.23
3.08.8
3.08.8
3.08.8
3.07.7
3.08.8
3.07.7
CVE-2025-41717 describes a critical code injection vulnerability affecting the TC ROUTER 3002T-3G. An attacker can exploit this flaw to upload and execute malicious code, ultimately gaining root access to the device. This vulnerability impacts versions 0.0.0 through 3.08.8. A patch is available in version 3.08.8.
The impact of this vulnerability is severe. Successful exploitation allows an unauthenticated attacker to upload arbitrary code to the TC ROUTER 3002T-3G as the root user. This grants complete control over the device, enabling attackers to modify configurations, steal sensitive data, install malware, and potentially pivot to other systems on the network. The lack of authentication required for the upload makes this vulnerability particularly dangerous, as it can be exploited remotely without any prior credentials. The resulting loss of confidentiality, availability, and integrity poses a significant risk to organizations relying on these routers.
CVE-2025-41717 was publicly disclosed on January 13, 2026. The vulnerability's ease of exploitation, combined with the potential for root access, suggests a medium probability of exploitation. Currently, there are no publicly known active campaigns targeting this vulnerability, but the availability of a public proof-of-concept could change this. It is not currently listed on the CISA KEV catalog.
Organizations deploying TC ROUTER 3002T-3G devices, particularly those in environments with limited network segmentation, are at significant risk. Shared hosting environments where multiple users share a single router are also vulnerable, as a compromise of one user's account could potentially lead to a compromise of the entire router.
• windows / supply-chain: Monitor network traffic for POST requests to the config-upload endpoint. Examine scheduled tasks for suspicious entries created after a potential compromise.
• linux / server: Use journalctl to filter for log entries related to file uploads and code execution. Implement auditd rules to monitor access to the config-upload endpoint.
• generic web: Use curl to test the config-upload endpoint with a benign payload and verify that the upload is rejected or handled securely. Check access logs for unusual activity related to the endpoint.
disclosure
Status do Exploit
EPSS
0.05% (percentil 15%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2025-41717 is to immediately upgrade the TC ROUTER 3002T-3G to version 3.08.8 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the config-upload endpoint using a firewall or access control list (ACL). Monitoring network traffic for suspicious uploads to the endpoint can also help detect potential exploitation attempts. After upgrading, verify the fix by attempting to upload a benign test file through the config-upload endpoint and confirming that the upload is rejected or handled securely.
Actualice el firmware del TC ROUTER 3002T-3G a la versión 3.08.8 o superior. Esto corrige la vulnerabilidad de inyección de código. Descargue la última versión del firmware desde el sitio web oficial de Phoenix Contact.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-41717 is a critical vulnerability allowing unauthenticated attackers to upload and execute malicious code on the TC ROUTER 3002T-3G, potentially gaining root access.
If you are using TC ROUTER 3002T-3G versions 0.0.0 through 3.08.8, you are potentially affected by this vulnerability.
Upgrade your TC ROUTER 3002T-3G to version 3.08.8 or later to resolve the vulnerability. Consider temporary workarounds like firewall restrictions if immediate upgrade is not possible.
Currently, there are no publicly known active campaigns targeting this vulnerability, but the ease of exploitation warrants caution.
Refer to the official TC ROUTER security advisory for detailed information and updates regarding CVE-2025-41717.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.