TrendMakers Sight Bulb Pro

CVSS 7.6 | ICS-CERT ICSA-25-177-02 | Jun 26, 2025
Attack path
Attack Vector: Adjacent
Auth Required: High
Complexity: Low
User Interaction: Required
Summary

The TrendMakers Sight Bulb Pro Firmware ZJ_CG32-2201 (versions 8.57.83 and earlier) contains two vulnerabilities: weak encryption (CWE-327) and command injection (CWE-77). During initial device setup, when the Sight Bulb Pro operates as a wireless access point, the encryption key is transmitted in cleartext over the network. An attacker with local network access during this setup phase could capture the key and execute arbitrary shell commands with root privileges on the device. TrendMakers has not responded to CISA coordination requests and has no planned fixes for this product line.

What this means
What could happen
An attacker with access to the local network during initial device setup could capture the unencrypted setup key and execute arbitrary commands on the Sight Bulb Pro as root, potentially altering device settings or disrupting operations.
Who's at risk
Organizations using TrendMakers Sight Bulb Pro lighting control devices, particularly those in facilities with physical security or network access controls during the initial deployment phase. This affects facility management, smart building automation, and any lighting control systems that rely on this product for operations.
How it could be exploited
The attacker must be on the same local network segment while the Sight Bulb Pro is in setup mode (acting as an access point). The cleartext transmission of the encryption key during setup is the weak-encryption flaw (CWE-327); with the captured key, the attacker can then use the command injection flaw (CWE-77) to execute arbitrary shell commands with root privileges on the device.
Prerequisites
  • Physical or network proximity to the local network segment during device initial setup
  • Device must be in access point/setup mode
  • Ability to perform network packet capture or monitoring
Key points
  • No patch available (end-of-life product)
  • Weak encryption (CWE-327)
  • Command injection vulnerability (CWE-77)
  • Requires local network access (limited remote exploitability)
  • High CVSS score (7.6)
  • Affects root-level access to device
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product: Sight Bulb Pro Firmware ZJ_CG32-2201
Affected Versions: ≤ 8.57.83
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict physical and network access to the local network segment where Sight Bulb Pro devices are being set up; perform device initialization in an isolated, controlled environment or secure network.
WORKAROUND: Monitor network traffic during Sight Bulb Pro setup for suspicious activity or unauthorized access attempts using network monitoring tools or intrusion detection systems.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: After device setup is complete, move the Sight Bulb Pro to your production network, where only trusted personnel have network access.
Long-term hardening
HOTFIX: Contact TrendMakers directly to inquire about firmware updates or security patches for the Sight Bulb Pro ZJ_CG32-2201 line.