Trendnet
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Trendnet product.
RSS Feeds for Trendnet security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Trendnet products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Trendnet Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 39 vulnerabilities in Trendnet with an average score of 7.3 out of ten. Last year, in 2025 Trendnet had 15 security vulnerabilities published. That is, 24 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.32
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 39 | 7.30 |
| 2025 | 15 | 7.62 |
| 2024 | 21 | 9.06 |
| 2023 | 7 | 8.39 |
| 2022 | 21 | 9.75 |
It may take a day or so for new Trendnet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Trendnet Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-10183 | May 31, 2026 |
Remote Stack Overflow in formWlanSetup of TRENDnet TEW-432BRP 3.10B20A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10182 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20 CmdInject via formWlanSetup (ENROLLEE)A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10181 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20 stack-based buffer overflow in formSysCmd (remote)A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10180 | May 31, 2026 |
Command Injection in TRENDnet TEW-432BRP 3.10B20 via formSysCmd Remote ExploitA vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10179 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20: Remote SB-Overflow in formSetWlanEncryptA flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10162 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20 - Remote Stack Buffer Overflow in goform/formSetPwdA flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file /goform/formSetPassword. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10161 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20 Stack Buffer Overflow via formResetStatisticA vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_statistic results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10160 | May 31, 2026 |
TrendNet TEW-432BRP 3.10B20 Remote Stack Buffer Overflow via formSetEnableWizardA security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start_wizard leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10159 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20: formSysLog stack buffer overflow (remote)A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10158 | May 31, 2026 |
TRENDnet TEW-432BRP 3.10B20 stack overflow in formPortFwA security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10123 | May 30, 2026 |
TRENDnet TEW-432BRP 3.10B20: stack-based buffer overflow in formSetDomainFilterA vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10122 | May 30, 2026 |
TRENDnet TEW-432BRP 3.10B20 Stack Buffer Overflow in formSetProtocolFilterA vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10121 | May 30, 2026 |
TRENDnet TEW-432BRP 3.10B20 RCE via formSetUrlFilter Stack Overfl.A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10120 | May 30, 2026 |
TRENDnet TEW-432BRP 3.10B20 stack-based buffer overflow in formSetFirewallRuleA vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10119 | May 30, 2026 |
Trendnet TEW-432BRP 3.10B20 FormSetMACFilter Stack Buffer OverflowA security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10064 | May 29, 2026 |
TRENDnet TEW-432BRP 3.10B20 Stack Based Buffer Overflow in formSetPortTrA security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10063 | May 29, 2026 |
TRENDnet TEW-432BRP 3.10B20 Stack Buffer Overflow in formWPSA vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10062 | May 29, 2026 |
TRENDnet TEW-432BRP 3.10B20 - formSetRoute Stack Overflow RemoteA vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10061 | May 29, 2026 |
Command Injection in TRENDnet TEW-432BRP 3.10B20 formWPS (peerPin)A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-10060 | May 29, 2026 |
TRENDnet TEW-432BRP v3.10B20 cmd injection in formSetRouteA vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 432brp
|
| CVE-2026-7611 | May 02, 2026 |
TRENDnet TEW-821DAP Firmware Update Handler auth bypass up to 1.12B01A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 821dap Firmware
|
| CVE-2026-7610 | May 02, 2026 |
TRENDnet TEW-821DAP 1.12B01 cgi/ssi Firmware Update Cleartext LeakA vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 821dap Firmware
|
| CVE-2026-7609 | May 02, 2026 |
TRENDnet TEW-821DAP OS Command Injection via tools_diagnostic (1.12B01)A flaw has been found in TRENDnet TEW-821DAP up to 1.12B01. The impacted element is the function tools_diagnostic of the file /tmp/diagnostic of the component Firmware Udpate. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 821dap Firmware
|
| CVE-2026-7608 | May 02, 2026 |
TRENDnet TEW-821DAP <=1.12B01: tools_diagnostic OS Command InjectionA vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 821dap Firmware
|
| CVE-2026-7607 | May 02, 2026 |
TRENDnet TEW-821DAP 1.12B01 buf overflow in Firmware Upd auto_update_firmwareA security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 821dap Firmware
|
| CVE-2026-7606 | May 02, 2026 |
TRENDnet TEW-821DAP 1.12B01 Firmware Update Auth Verification BypassA weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 821dap Firmware
|
| CVE-2026-5355 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1 OS Shell Injection via vpn_drop policy_nameA vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5354 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1 Remote OS-CI via vpn_connect in setup.cgiA flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5353 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1 - OS Command Injection via c4_IPAddr in /setup.cgiA vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5352 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1: OS Command Injection via /setup.cgi pcdb_listA security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5351 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1: OS Command Injection via add_wps_clientA weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5350 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1 RC: buffer overflow in update_pcdbA security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5349 | Apr 02, 2026 |
Trendnet TEW-657BRM 1.00.1 Remote Stack Buffer Overflow in add_apcdb (/setup.cgi)A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 657brm Firmware
|
| CVE-2026-5184 | Mar 31, 2026 |
TRENDnet TEW-713RE 1.02 - Command Injection via /goform/setSysAdmA vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 713re Firmware
|
| CVE-2026-5183 | Mar 31, 2026 |
cmd injection in /goform/addRouting of TRENDnet TEW-713RE <1.02A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 713re Firmware
|
| CVE-2026-4354 | Mar 17, 2026 |
XSS in Trendnet TEW-824DRU Web Interface apply_sec.cgi 1.010B01A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 824dru Firmware
|
| CVE-2026-4172 | Mar 15, 2026 |
TRENDnet TEW-632BRP 1.010B32 Buffer Overflow in /ping_response.cgi (remote)A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 632brp Firmware
|
| CVE-2025-15472 | Jan 06, 2026 |
OS Command Injection in TRENDnet TEW-811DRU 1.0.2.0 uapply.cgiA flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 811dru Firmware
|
| CVE-2025-15471 | Jan 06, 2026 |
TRENDnet TEW-713RE 1.02 CMD Injection via /goformX/formFSrvX SZCMDA vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor confirms: "The product in question TEW-731RE for CVE-2025-15471 has been discontinued and end of life since October 23, 2020. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on the website product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. |
Tew 713re Firmware
|
| CVE-2021-47745 | Dec 31, 2025 |
Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade scriptCypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges. |
Tn 200 Firmware
|
| CVE-2025-15139 | Dec 28, 2025 |
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 822dre Firmware
|
| CVE-2025-15137 | Dec 28, 2025 |
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 800mb Firmware
|
| CVE-2025-15136 | Dec 28, 2025 |
Command Injection in TRENDnet TEW-800MB 1.0.1.0 Management InterfaceA security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 800mb Firmware
|
| CVE-2025-44649 | Jul 21, 2025 |
TRENDnet TEW-WLC100P 2.03b03 racoon default aggressive IKE modeIn the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in negotiating security parameters. |
Tew Wlc100p Firmware
|
| CVE-2025-44647 | Jul 21, 2025 |
TRENDnet TEW-WLC100P 2.03b03: strongSwan Aggressive Mode PSK config flawIn TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK. |
Tew Wlc100p Firmware
|
| CVE-2025-44651 | Jul 21, 2025 |
TRENDnet TPL-430AP FW1.0 USERLIMIT_GLOBAL allows DoS via unlimited usersIn TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected. |
Tpl 430ap Firmware
|
| CVE-2025-2959 | Mar 30, 2025 |
TRENDnet TEW-410APB 1.3.06b: HTTPD Nullderef via sub_4019A0, LAN-OnlyA vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 410apb Firmware
|
| CVE-2025-2958 | Mar 30, 2025 |
TRENDnet TEW-818DRU 1.0.14.6 httpd DoS via local HTTP req.A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
Tew 818dru Firmware
|
| CVE-2025-25428 | Feb 28, 2025 |
TRENDnet TEW-929DRU 1.0.0.10 Hardcoded Root Password VulnerabilityTRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
Tew 929dru Firmware
|
| CVE-2025-25429 | Feb 28, 2025 |
Trendnet TEW-929DRU 1.0.0.10 Stored XSS via r_name in addschedule.htmTrendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page. |
Tew 929dru Firmware
|