CVE-2025-15472

High CVSS: 7.3

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Trendnet

Product

Tew-811dru Firmware

CWE

CWE-77

Yayın Tarihi

2026-01-07 12:16:59

Güncelleme

2026-01-15 22:16:43

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-77 Tew-811dru Firmware HIGH Trendnet 2026

Referanslar

https://pentagonal-time-3a7.notion.site/TrendNet-TEW-811DRU-2d2e5dd4c5a58016a612e99853b835f8 https://vuldb.com/?ctiid.339722 https://vuldb.com/?id.339722 https://vuldb.com/?submit.721874

Benzer Kayıtlar

High

CVE-2026-5349

A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file…

High

CVE-2025-15471

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goform…

Medium

CVE-2025-15139

A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file…

High

CVE-2025-15137

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of…

High

CVE-2025-15136

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of t…

High

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, explo…