Skip to main content

CVE-2025-6522: CWE-77 in TrendMakers Sight Bulb Pro Firmware ZJ_CG32-2201

Medium
VulnerabilityCVE-2025-6522cvecve-2025-6522cwe-77
Published: Fri Jun 27 2025 (06/27/2025, 17:09:33 UTC)
Source: CVE Database V5
Vendor/Project: TrendMakers
Product: Sight Bulb Pro Firmware ZJ_CG32-2201

Description

Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well formed JSON string.

AI-Powered Analysis

AILast updated: 06/27/2025, 17:39:29 UTC

Technical Analysis

CVE-2025-6522 is a medium-severity vulnerability affecting the TrendMakers Sight Bulb Pro device running firmware version ZJ_CG32-2201. The vulnerability arises from improper input validation in a proprietary TCP protocol listening on port 16668. Specifically, unauthenticated attackers on an adjacent network segment can send a specially crafted JSON string to this service, which is parsed and executed as shell commands with root privileges. This corresponds to a command injection vulnerability classified under CWE-77. Successful exploitation allows an attacker to execute arbitrary commands as root, potentially leading to full compromise of the device. The vulnerability requires network adjacency, meaning the attacker must be on the same local or bridged network segment as the device. The CVSS 3.1 base score is 5.4, reflecting medium severity, with the vector AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L. This indicates that the attack vector is adjacent network, low attack complexity, but requires high privileges and user interaction, which may be a discrepancy given the description states unauthenticated users can exploit it. No public exploits or patches are currently available. The vulnerability impacts confidentiality to a limited extent but poses a high risk to integrity due to arbitrary root command execution and a low impact on availability. The device is likely used in IoT or smart lighting contexts, and the proprietary protocol's exposure on a network port increases the attack surface significantly.

Potential Impact

For European organizations deploying the TrendMakers Sight Bulb Pro, this vulnerability presents a significant risk to operational security and device integrity. Compromise of these devices could allow attackers to pivot within internal networks, especially in environments where these bulbs are integrated into building management or industrial control systems. The ability to execute arbitrary commands as root could lead to data tampering, unauthorized surveillance, or disruption of lighting infrastructure. Although the attack requires adjacency, many corporate and industrial networks have segments where such devices reside alongside critical systems, increasing the risk of lateral movement. Confidentiality impact is limited but not negligible, as attackers could potentially exfiltrate sensitive configuration or network information. The lack of available patches or mitigations at present means organizations must proactively isolate these devices and monitor network traffic. Given the medium CVSS score, the threat is moderate but should not be underestimated in environments with high security requirements or critical infrastructure.

Mitigation Recommendations

1. Network Segmentation: Isolate Sight Bulb Pro devices on dedicated VLANs or network segments with strict access controls to prevent unauthorized adjacent network access. 2. Firewall Rules: Block inbound traffic to port 16668 from untrusted or unnecessary network segments to reduce exposure. 3. Network Monitoring: Deploy IDS/IPS solutions to detect anomalous JSON payloads or unusual traffic patterns targeting port 16668. 4. Device Hardening: Disable or restrict the proprietary TCP protocol if possible, or configure the device to require authentication for command execution. 5. Vendor Engagement: Engage with TrendMakers for firmware updates or patches addressing this vulnerability and apply them promptly once available. 6. Incident Response Preparation: Develop and test response plans for potential device compromise, including device isolation and forensic analysis. 7. User Awareness: Educate network administrators about the risk of adjacent network attacks and the importance of network segmentation for IoT devices. These measures go beyond generic advice by focusing on network architectural controls and proactive monitoring tailored to the specific protocol and device behavior.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
icscert
Date Reserved
2025-06-23T13:38:00.806Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685ed3cb6f40f0eb7265567d

Added to database: 6/27/2025, 5:24:27 PM

Last enriched: 6/27/2025, 5:39:29 PM

Last updated: 7/18/2025, 10:14:14 PM

Views: 22

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats