CVE-2022-30327

Vulnerability

A cross-site request forgery (CSRF) vulnerability exists in the web interface of TRENDnet TEW-831DR routers running firmware version 1.0 601.130.1.1356 [1]. The vulnerability allows an attacker to change the Wi-Fi pre-shared key without proper CSRF protection, requiring the attacker to know the router's IP address [1].

Exploitation

An attacker can exploit this by sending a crafted HTTP request to the router's web interface, typically by tricking an authenticated administrator into visiting a malicious page while logged into the router's interface [1]. No additional authentication is needed beyond the victim's active session. The attacker must know the router's IP address to direct the request [1].

Impact

Successful exploitation allows the attacker to change the pre-shared key of the Wi-Fi router [1]. This can lead to unauthorized access to the Wi-Fi network, potential data interception, or denial of service for legitimate users who can no longer connect with the old key [1].

Mitigation

As of the publication date, no fixed firmware version has been announced by TRENDnet. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. Users are advised to avoid logging into the router's web interface while visiting other websites, or to use a separate browser for router administration. However, these are temporary workarounds; a firmware update is recommended when available [1].