Vulnerabilities (CVE)

Filtered by vendor Trendnet Subscribe
Total 148 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-51188 1 Trendnet 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more 2025-04-01 N/A 4.8 MEDIUM
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
CVE-2024-51187 1 Trendnet 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more 2025-04-01 N/A 4.8 MEDIUM
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
CVE-2024-42813 1 Trendnet 2 Tew-752dru, Tew-752dru Firmware 2025-04-01 N/A 9.8 CRITICAL
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVE-2024-28353 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2025-04-01 N/A 8.8 HIGH
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.
CVE-2024-28354 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2025-04-01 N/A 10.0 CRITICAL
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.
CVE-2024-22546 1 Trendnet 2 Tew-815dap, Tew-815dap Firmware 2025-04-01 N/A 6.4 MEDIUM
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.
CVE-2023-51835 1 Trendnet 2 Tew-822dre, Tew-822dre Firmware 2025-04-01 N/A 6.8 MEDIUM
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
CVE-2023-24099 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 N/A 8.8 HIGH
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24095 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 N/A 8.8 HIGH
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-47065 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 N/A 8.8 HIGH
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-38556 1 Trendnet 2 Tew733gr, Tew733gr Firmware 2024-11-21 N/A 9.8 CRITICAL
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVE-2022-37053 1 Trendnet 2 Tew733gr, Tew733gr Firmware 2024-11-21 N/A 9.8 CRITICAL
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.
CVE-2022-35203 1 Trendnet 2 Tv-ip572pi, Tv-ip572pi Firmware 2024-11-21 N/A 7.2 HIGH
An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.
CVE-2022-33007 1 Trendnet 4 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 1 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main.
CVE-2022-31875 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi
CVE-2022-31873 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.
CVE-2022-30329 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.
CVE-2022-30328 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface.
CVE-2022-30327 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known.
CVE-2022-30326 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface.