TrendMakers Sight Bulb Pro
Monitor
CVSS 7.6
ICS-CERT ICSA-25-177-02
Jun 26, 2025
Attack Vector: Adjacent
Auth Required: High
Complexity: Low
User Interaction: Required
Summary
TrendMakers Sight Bulb Pro firmware versions 8.57.83 and earlier contain two vulnerabilities: (1) CWE-327 (use of broken or risky cryptographic algorithm) where encryption keys are transmitted in cleartext during initial device setup when the bulb acts as an access point, and (2) CWE-77 (improper neutralization of special elements) allowing arbitrary shell command execution as root. Successful exploitation requires presence on the local network segment during device provisioning. TrendMakers has not responded to CISA coordination requests and no patch is available.
What this means
What could happen
An attacker on the local network can capture encryption keys during device setup and execute commands as root on the Sight Bulb Pro, potentially altering lighting configurations or accessing the device as a network pivot point.
Who's at risk
Facility managers and IT staff responsible for networked lighting control systems using TrendMakers Sight Bulb Pro firmware version 8.57.83 or earlier. This affects any organization using these devices for smart lighting, HVAC integration, or occupancy-based facility automation.
How it could be exploited
An attacker must be on the same local network segment as the Sight Bulb Pro during initial setup when it operates as an access point. The attacker can capture unencrypted key material in network traffic, then use it to authenticate and execute arbitrary shell commands with root privileges on the device.
Prerequisites
- Physical or network access to the same local network segment
- Presence during device initial setup/provisioning phase
- Network packet capture capability
- No patch available
- Weak encryption key exchange during setup
- Root command execution possible
- Local network access required
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Sight Bulb Pro Firmware ZJ_CG32-2201 | ≤ 8.57.83 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Perform device setup in a physically isolated or air-gapped network segment; do not connect the Sight Bulb Pro to the production network until setup is complete.
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption.
HARDENING: Monitor network traffic on segments where Sight Bulb Pro devices are deployed, using network intrusion detection or packet inspection, to identify suspicious authentication attempts or unauthorized command execution.
HARDENING: Implement network segmentation to restrict access to Sight Bulb Pro management interfaces and limit lateral movement from compromised devices to critical OT systems.
Long-term hardening
HOTFIX: Contact TrendMakers directly to inquire about firmware updates or security patches that may address the weak encryption key exchange.
CVEs (2)