Vendor CVEs
Trendnet
All CVEs
213 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4354 | | Low | 0.23 | 3.5 | 0.00 | | Mar 18, 2026 | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch… |
| CVE-2012-4876 | | | 0.09 | — | 0.71 | | Sep 6, 2012 | Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. |
| CVE-2021-20158 | | | 0.07 | — | 0.11 | | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force the change of the admin password due to a hidden administrative command. |
| CVE-2023-49237 | | | 0.06 | — | 0.19 | | Jan 9, 2024 | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. |
| CVE-2021-20150 | | | 0.05 | — | 0.40 | | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. |
| CVE-2024-0918 | | | 0.04 | — | 0.25 | | Jan 26, 2024 | A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched… |
| CVE-2019-13278 | | | 0.04 | — | 0.09 | | Jul 10, 2019 | TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet… |
| CVE-2014-10011 | | | 0.04 | — | 0.10 | | Jan 13, 2015 | Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password,… |
| CVE-2024-0919 | | | 0.03 | — | 0.23 | | Jan 26, 2024 | A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate… |
| CVE-2013-3365 | | | 0.03 | — | 0.04 | | Feb 4, 2014 | TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp… |
| CVE-2013-3098 | | | 0.03 | — | 0.01 | | Feb 4, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable… |
| CVE-2024-37642 | | | 0.02 | — | 0.11 | | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck. |
| CVE-2024-50667 | | | 0.01 | — | 0.06 | | Nov 11, 2024 | The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks. |
| CVE-2022-46598 | | | 0.01 | — | 0.02 | | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. |
| CVE-2022-46597 | | | 0.01 | — | 0.02 | | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. |
| CVE-2022-37053 | | | 0.01 | — | 0.03 | | Aug 28, 2022 | TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. |
| CVE-2021-20160 | | | 0.01 | — | 0.03 | | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root. |
| CVE-2021-20159 | | | 0.01 | — | 0.03 | | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter. |
| CVE-2020-14076 | | | 0.01 | — | 0.03 | | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a… |
| CVE-2020-14075 | | | 0.01 | — | 0.03 | | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. |
| CVE-2020-14081 | | | 0.01 | — | 0.02 | | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. |
| CVE-2019-11400 | | | 0.01 | — | 0.17 | | Dec 18, 2019 | An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. |
| CVE-2019-13155 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. |
| CVE-2019-13154 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. |
| CVE-2019-13153 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. |
| CVE-2019-13152 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule. |
| CVE-2019-13151 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. |
| CVE-2019-13150 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr. |
| CVE-2019-13149 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. |
| CVE-2019-13148 | | | 0.01 | — | 0.02 | | Jul 2, 2019 | An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. |
| CVE-2025-15472 | | | 0.00 | — | 0.20 | | Jan 6, 2026 | A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been… |
| CVE-2025-15471 | | | 0.00 | — | 0.12 | | Jan 6, 2026 | A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public… |
| CVE-2025-15137 | | | 0.00 | — | 0.10 | | Dec 28, 2025 | A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used.… |
| CVE-2025-15136 | | | 0.00 | — | 0.10 | | Dec 28, 2025 | A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may… |
| CVE-2025-65202 | | | 0.00 | — | 0.07 | | Nov 26, 2025 | TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges. |
| CVE-2024-46484 | | | 0.00 | — | 0.01 | | Aug 29, 2025 | TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. |
| CVE-2025-44649 | | | 0.00 | — | 0.00 | | Jul 21, 2025 | In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in… |
| CVE-2025-44647 | | | 0.00 | — | 0.00 | | Jul 21, 2025 | In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly… |
| CVE-2025-44651 | | | 0.00 | — | 0.01 | | Jul 21, 2025 | In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected. |
| CVE-2025-2960 | | | 0.00 | — | 0.01 | | Mar 30, 2025 | A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the… |
| CVE-2025-2959 | | | 0.00 | — | 0.01 | | Mar 30, 2025 | A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs… |
| CVE-2025-2958 | | | 0.00 | — | 0.01 | | Mar 30, 2025 | A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack… |
| CVE-2025-25430 | | | 0.00 | — | 0.00 | | Feb 28, 2025 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page. |
| CVE-2025-25431 | | | 0.00 | — | 0.00 | | Feb 28, 2025 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the ssid key of wifi_data parameter on the /captive_portal.htm page. |
| CVE-2025-25428 | | | 0.00 | — | 0.00 | | Feb 28, 2025 | TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2025-25429 | | | 0.00 | — | 0.00 | | Feb 28, 2025 | Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page. |
| CVE-2025-25523 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this… |
| CVE-2024-57590 | | | 0.00 | — | 0.01 | | Jan 27, 2025 | TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. |
| CVE-2024-51189 | | | 0.00 | — | 0.00 | | Nov 11, 2024 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. |
| CVE-2024-51187 | | | 0.00 | — | 0.00 | | Nov 11, 2024 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. |