CVE-2025-44647: n/a

High
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file. As a result, IKE responders are allowed to use IKEv1 Aggressive Mode with pre-shared keys (PSK), which permits offline attacks on the openly transmitted hash of the PSK.

AI-Powered Analysis

Last updated: 08/08/2025, 00:37:51 UTC

Technical Analysis

CVE-2025-44647 is a high-severity vulnerability affecting the TRENDnet TEW-WLC100P device running firmware version 2.03b03. The vulnerability arises from the configuration of the strongSwan IPsec implementation, where the option 'i_dont_care_about_security_and_use_aggressive_mode_psk' is enabled. This setting permits the use of IKEv1 Aggressive Mode with Pre-Shared Keys (PSK) during the Internet Key Exchange (IKE) negotiation phase.

Aggressive Mode in IKEv1 is known to be less secure because it transmits a hash derived from the PSK unencrypted, so an attacker who can capture the IKE negotiation packets can run offline brute-force or dictionary attacks against the PSK. Because the hash is openly transmitted, the attacker does not need to interact with the device repeatedly, which makes offline cracking efficient. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network.

The CVSS score of 7.3 reflects the network attack vector, low attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to the confidentiality of VPN credentials and to the integrity and availability of the affected device's VPN services. The lack of available patches or updates at the time of publication increases the urgency of mitigation.

Potential Impact

For European organizations, this vulnerability could lead to unauthorized access to VPN tunnels established via the affected TRENDnet TEW-WLC100P devices. Compromise of the PSK through offline attacks enables attackers to decrypt VPN traffic, potentially exposing sensitive corporate data, intellectual property, and personal information protected under GDPR. Additionally, attackers could impersonate legitimate VPN clients, gaining unauthorized network access, which could facilitate lateral movement, data exfiltration, or deployment of malware. The integrity of communications and availability of VPN services could also be disrupted, impacting business continuity. Given the widespread use of VPNs in European enterprises for secure remote access, this vulnerability could undermine trust in network security and compliance with data protection regulations. Organizations relying on TRENDnet devices for VPN connectivity should consider this a critical risk, especially those in sectors with high data sensitivity such as finance, healthcare, and government.

Mitigation Recommendations

Immediate mitigation steps include disabling IKEv1 Aggressive Mode with PSK on the TRENDnet TEW-WLC100P devices by modifying the strongSwan configuration to remove or disable the 'i_dont_care_about_security_and_use_aggressive_mode_psk' option. Organizations should enforce the use of IKEv2 or IKEv1 Main Mode with certificate-based authentication instead of PSK to enhance security. If PSK must be used, ensure it is complex, long, and rotated regularly to reduce the risk of successful offline attacks. Network segmentation and strict firewall rules should limit access to VPN endpoints to trusted IP ranges. Monitoring VPN logs for unusual authentication attempts or repeated negotiation failures can help detect exploitation attempts. Until a vendor patch is available, consider replacing vulnerable devices or using alternative VPN solutions that do not permit Aggressive Mode with PSK. Additionally, educate IT staff about the risks of aggressive mode and the importance of secure VPN configurations.
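To check a configuration for the setting named above, the following added example (not code from TRENDnet, strongSwan, or this advisory) audits the text of a strongswan.conf for the override flag. It goes beyond the page by also flagging ipsec.conf connections that pair `aggressive=yes` with PSK authentication; the sample inputs are constructed, and `also=` and include directives are assumed absent.

```python
import re

FLAG = "i_dont_care_about_security_and_use_aggressive_mode_psk"
TRUE_VALUES = {"yes", "true", "enabled", "1"}  # boolean spellings strongswan.conf accepts
# Constructed sample inputs for illustration; not taken from the device firmware.
SAMPLE_STRONGSWAN_CONF = f"""charon {{
    {FLAG} = yes   # responder accepts Aggressive Mode + PSK
}}"""
SAMPLE_IPSEC_CONF = """conn %default
    keyexchange=ikev1
    authby=secret
conn branch
    aggressive=yes
conn hq
    keyexchange=ikev2
    aggressive=yes"""

def strip_comment(line):  # drop a trailing '#' comment and surrounding whitespace
    return line.split("#", 1)[0].strip()

def flag_enabled(strongswan_conf):
    """True if the Aggressive Mode PSK override is set to a true value."""
    for raw in strongswan_conf.splitlines():
        m = re.search(rf"\b{FLAG}\s*=\s*\"?(\w+)", strip_comment(raw))
        if m and m.group(1).lower() in TRUE_VALUES:
            return True
    return False

def risky_conns(ipsec_conf):
    """Conn names that combine aggressive=yes with PSK auth and are not pinned to IKEv2."""
    sections, current = {}, None
    for raw in ipsec_conf.splitlines():
        line = strip_comment(raw)
        if line and not raw[0].isspace():      # section header, e.g. "conn branch"
            parts = line.split()
            current = sections.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
        elif line and current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().lower()
    defaults, hits = sections.pop("%default", {}), []
    for name, opts in sections.items():
        eff = {**defaults, **opts}             # conn %default values are inherited
        psk = eff.get("authby") in ("secret", "psk") or "psk" in (eff.get("leftauth"), eff.get("rightauth"))
        if eff.get("aggressive") == "yes" and psk and eff.get("keyexchange", "ike") != "ikev2":
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(flag_enabled(SAMPLE_STRONGSWAN_CONF), risky_conns(SAMPLE_IPSEC_CONF))
```

On the constructed samples the flag is reported as enabled and only `branch` is listed, since `hq` is pinned to IKEv2, where Aggressive Mode does not apply.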

Technical Details

Data Version: 5.1

Assigner Short Name: mitre

Date Reserved: 2025-04-22T00:00:00.000Z

Cvss Version: null

State: PUBLISHED

Threat ID: 687e60bea83201eaac114e78

Added to database: 7/21/2025, 3:46:06 PM

Last enriched: 8/8/2025, 12:37:51 AM

Last updated: 8/12/2025, 12:33:53 AM
