
CVE-2025-44649: n/a

High
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchange_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in negotiating security parameters.

AI-Powered Analysis

Last updated: 08/08/2025, 00:38:02 UTC

Technical Analysis

CVE-2025-44649 is a high-severity vulnerability affecting the configuration of the racoon IKE (Internet Key Exchange) daemon in the TRENDnet TEW-WLC100P wireless controller firmware version 2.03b03. The vulnerability arises because the configuration file sets the first item of the exchange_mode parameter to 'aggressive' mode during IKE Phase 1. Aggressive mode is known to expose identity information in plaintext, making it susceptible to offline dictionary attacks. Unlike main mode, aggressive mode does not provide confidentiality for the identities exchanged, which can allow attackers to capture and analyze this information to guess pre-shared keys or credentials. Additionally, aggressive mode lacks flexibility in negotiating security parameters, potentially leading to weaker cryptographic settings. The CVSS v3.1 base score is 7.5, reflecting a network attack vector with low attack complexity, no privileges or user interaction required, and a high impact on confidentiality but no impact on integrity or availability. While no known exploits are currently reported in the wild, the vulnerability represents a significant risk due to the exposure of sensitive identity information and the potential for offline password cracking attacks. The affected product is a wireless LAN controller, which typically manages VPN tunnels or secure communications, so exploitation could compromise secure network communications or allow unauthorized access to network resources.

Potential Impact

For European organizations using the TRENDnet TEW-WLC100P wireless controller, this vulnerability could lead to exposure of sensitive identity information during VPN or secure tunnel establishment, enabling attackers to perform offline dictionary attacks to recover pre-shared keys or credentials. This compromises the confidentiality of communications and could allow unauthorized network access or interception of sensitive data. Given the role of wireless controllers in enterprise and industrial environments, exploitation could undermine network security, leading to potential data breaches or lateral movement within corporate networks. The lack of impact on integrity and availability reduces the risk of direct service disruption, but the confidentiality breach alone is critical, especially for organizations handling sensitive or regulated data under GDPR. The vulnerability's exploitation does not require authentication or user interaction, increasing the risk of remote attacks from external adversaries.

Mitigation Recommendations

Organizations should immediately review and modify the racoon configuration on affected TRENDnet TEW-WLC100P devices to disable aggressive mode and switch to main mode for IKE Phase 1 exchanges, which protects identity information by encrypting it. If firmware updates or patches become available from TRENDnet, these should be applied promptly. Network administrators should audit VPN configurations to ensure strong cryptographic parameters and enforce the use of robust pre-shared keys or certificates to mitigate offline dictionary attacks. Additionally, monitoring network traffic for unusual IKE negotiation patterns and implementing network segmentation can reduce exposure. Where possible, replacing or upgrading legacy devices that do not support secure IKE configurations is recommended. Finally, organizations should conduct penetration testing and vulnerability assessments focused on VPN and wireless controller configurations to identify and remediate similar weaknesses.
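The configuration review recommended above can be scripted. The following is an added example, not code from TRENDnet or from this advisory: it scans racoon.conf text for `remote` sections whose `exchange_mode` lists aggressive first (the mode racoon uses as initiator) or lists it at all (every listed mode is acceptable as responder). The sample configuration, peer names and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample racoon.conf (not extracted from the device firmware).
SAMPLE_CONF = """
remote anonymous {
    exchange_mode aggressive,main;   # first item: used when initiating
    proposal {
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
remote 192.0.2.10 {
    exchange_mode main;
}
remote 198.51.100.7 {
    exchange_mode main,aggressive;   # still accepted as responder
}
"""

REMOTE_RE = re.compile(r"^\s*remote\s+([^{]+?)\s*\{", re.M)
MODE_RE = re.compile(r"\bexchange_mode\s+([^;]+);")

def strip_comments(text):
    """Drop '#' comments so a commented-out directive is not reported."""
    return re.sub(r"#[^\n]*", "", text)

def remote_blocks(text):
    """Yield (peer, body) per 'remote' section, tracking nested braces."""
    for m in REMOTE_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return (peer, issue, modes) for sections that use or accept aggressive mode."""
    findings = []
    for peer, body in remote_blocks(strip_comments(conf)):
        m = MODE_RE.search(body)
        modes = [x.strip() for x in m.group(1).split(",")] if m else []
        if modes[:1] == ["aggressive"]:
            findings.append((peer, "aggressive-first", modes))
        elif "aggressive" in modes:
            findings.append((peer, "aggressive-accepted", modes))
    return findings

if __name__ == "__main__":
    for peer, issue, modes in audit(SAMPLE_CONF):
        print(f"remote {peer}: {issue} (exchange_mode {','.join(modes)})")
```

A section reported as `aggressive-first` matches the condition described in this CVE; `aggressive-accepted` marks peers where main mode is preferred but aggressive mode would still be negotiated if requested.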


Technical Details

Data Version: 5.1

Assigner Short Name: mitre

Date Reserved: 2025-04-22T00:00:00.000Z

CVSS Version: null

State: PUBLISHED

Threat ID: 687e7252a83201eaac11c506

Added to database: 7/21/2025, 5:01:06 PM

Last enriched: 8/8/2025, 12:38:02 AM

Last updated: 8/12/2025, 12:33:53 AM
