CVE-2022-30326
Description
TRENDnet TEW-831DR router's web interface network pre-shared key field is vulnerable to stored XSS, allowing a crash of the basic.config page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TRENDnet TEW-831DR router's web interface network pre-shared key field is vulnerable to stored XSS, allowing a crash of the basic.config page.
Vulnerability
The TEW-831DR router firmware version 1.0 601.130.1.1356 contains a cross-site scripting (XSS) vulnerability in the network pre-shared key field on the web interface [2]. The input is not sanitized before being reflected, leading to script injection when the configuration page is rendered.
Exploitation
An attacker can inject a simple XSS payload into the pre-shared key field. No authentication or other special conditions are required to reach the vulnerable field; the attacker simply needs to submit the crafted payload through the web interface [2].
Impact
Successful exploitation crashes the basic.config page of the web interface, effectively preventing the administrator from viewing or modifying the network configuration [1][2]. This constitutes a denial-of-service condition that disrupts device management.
Mitigation
As of the publication date (June 16, 2022), no firmware update has been released to address this vulnerability [2]. Users are advised to restrict access to the web interface to trusted networks only until a patch becomes available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.