Scan free
LOWCVE-2026-4354CVSS 3.5

CVE-2026-4354: XSS in TRENDnet TEW-824DRU Web Interface

Platform

other

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

CVE-2026-4354 describes a cross-site scripting (XSS) vulnerability affecting the TRENDnet TEW-824DRU router's web interface. This vulnerability allows attackers to inject malicious scripts into the web interface, potentially compromising user sessions and gaining unauthorized access. The vulnerability impacts firmware versions 1.010B01 and 1.04B01. A fix is pending from the vendor.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-4354 enables an attacker to inject arbitrary JavaScript code into the TRENDnet TEW-824DRU web interface. This can be leveraged to steal user session cookies, allowing the attacker to impersonate legitimate users and gain access to sensitive router configuration settings. The attack is remotely exploitable, meaning an attacker does not need to be on the same local network as the router. Given the router's role in managing network traffic and potentially exposing internal devices, a successful attack could lead to broader network compromise. The availability of a public proof-of-concept significantly increases the risk of exploitation.

Exploitation Context

CVE-2026-4354 is currently considered a moderate risk due to the availability of a public proof-of-concept. While the CVSS score is LOW (3.5), the ease of exploitation and potential impact warrant immediate attention. The vulnerability was disclosed on 2026-03-17, and the vendor has not yet responded. It is advisable to monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting TRENDnet routers.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh
NextGuard10–15% still vulnerable

EPSS

0.03% (8% percentile)

CISA SSVC

Exploitationpoc
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R3.5LOWAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityNoneRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

VendorTRENDnet
Affected rangeFixed in
1.010B01 – 1.010B01
1.04B01 – 1.04B01

Weakness Classification (CWE)

CWE-79CWE-94

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 68 days since disclosure

Mitigation and Workarounds

Due to the lack of a vendor-provided patch, immediate mitigation strategies are crucial. Implement a Web Application Firewall (WAF) to filter and sanitize user input, specifically targeting the 'Language' parameter in the 'apply_sec.cgi' file. Configure the WAF to block any requests containing suspicious JavaScript code. Additionally, restrict access to the web interface using strong passwords and multi-factor authentication. Regularly monitor router logs for any unusual activity. While a direct fix is unavailable, these measures can significantly reduce the attack surface. After implementing WAF rules, verify their effectiveness by attempting to trigger the XSS vulnerability with a test payload.

How to fix

Update the TRENDnet TEW-824DRU router firmware to a version that corrects the Cross-Site Scripting (XSS) vulnerability in the web interface. Since the vendor has not responded, it is recommended to consider replacing the device with one that receives active security updates.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-4354 — XSS in TRENDnet TEW-824DRU Web Interface?

CVE-2026-4354 is a cross-site scripting (XSS) vulnerability in the TRENDnet TEW-824DRU router's web interface, allowing attackers to inject malicious scripts via the Language parameter.

Am I affected by CVE-2026-4354 in TRENDnet TEW-824DRU Web Interface?

You are affected if you are using a TRENDnet TEW-824DRU router with firmware versions 1.010B01 or 1.04B01 and have not applied a vendor-provided patch (currently unavailable).

How do I fix CVE-2026-4354 in TRENDnet TEW-824DRU Web Interface?

A vendor patch is not currently available. Mitigate by implementing a WAF to sanitize input, restricting access, and monitoring router logs.

Is CVE-2026-4354 being actively exploited?

While active exploitation is not confirmed, the availability of a public proof-of-concept suggests a high likelihood of exploitation.

Where can I find the official TRENDnet advisory for CVE-2026-4354?

As of the disclosure date, TRENDnet has not released an official advisory. Monitor the TRENDnet website and security mailing lists for updates.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs