SB2025070110 - Multiple vulnerabilities in TrendMakers Sight Bulb Pro

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025070110

SB2025070110 - Multiple vulnerabilities in TrendMakers Sight Bulb Pro

Published: July 1, 2025

Security Bulletin ID SB2025070110
Severity
Low
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2025-6521)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote administrator on the local network can decrypt communications and gain access to sensitive information on the system.


2) Command Injection (CVE-ID: CVE-2025-6522)

The vulnerability allows a remote user to execute arbitrary commands on the system.

The vulnerability exists due to insufficient input validation within proprietary TCP protocol. A remote administrator on the local network can pass specially crafted data to the application and execute arbitrary commands.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References