CVE-2026-4354 describes a cross-site scripting (XSS) vulnerability affecting the TRENDnet TEW-824DRU router's web interface. This vulnerability allows attackers to inject malicious scripts into the web interface, potentially compromising user sessions and gaining unauthorized access. The vulnerability impacts firmware versions 1.010B01 and 1.04B01. A fix is pending from the vendor.
Successful exploitation of CVE-2026-4354 enables an attacker to inject arbitrary JavaScript code into the TRENDnet TEW-824DRU web interface. This can be leveraged to steal user session cookies, allowing the attacker to impersonate legitimate users and gain access to sensitive router configuration settings. The attack is remotely exploitable, meaning an attacker does not need to be on the same local network as the router. Given the router's role in managing network traffic and potentially exposing internal devices, a successful attack could lead to broader network compromise. The availability of a public proof-of-concept significantly increases the risk of exploitation.
CVE-2026-4354 is currently considered a moderate risk due to the availability of a public proof-of-concept. While the CVSS score is LOW (3.5), the ease of exploitation and potential impact warrant immediate attention. The vulnerability was disclosed on 2026-03-17, and the vendor has not yet responded. It is advisable to monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting TRENDnet routers.
Exploit Status
EPSS
0.03% (8% percentile)
CISA SSVC
CVSS Vector
Due to the lack of a vendor-provided patch, immediate mitigation strategies are crucial. Implement a Web Application Firewall (WAF) to filter and sanitize user input, specifically targeting the 'Language' parameter in the 'apply_sec.cgi' file. Configure the WAF to block any requests containing suspicious JavaScript code. Additionally, restrict access to the web interface using strong passwords and multi-factor authentication. Regularly monitor router logs for any unusual activity. While a direct fix is unavailable, these measures can significantly reduce the attack surface. After implementing WAF rules, verify their effectiveness by attempting to trigger the XSS vulnerability with a test payload.
Update the TRENDnet TEW-824DRU router firmware to a version that corrects the Cross-Site Scripting (XSS) vulnerability in the web interface. Since the vendor has not responded, it is recommended to consider replacing the device with one that receives active security updates.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-4354 is a cross-site scripting (XSS) vulnerability in the TRENDnet TEW-824DRU router's web interface, allowing attackers to inject malicious scripts via the Language parameter.
You are affected if you are using a TRENDnet TEW-824DRU router with firmware versions 1.010B01 or 1.04B01 and have not applied a vendor-provided patch (currently unavailable).
A vendor patch is not currently available. Mitigate by implementing a WAF to sanitize input, restricting access, and monitoring router logs.
While active exploitation is not confirmed, the availability of a public proof-of-concept suggests a high likelihood of exploitation.
As of the disclosure date, TRENDnet has not released an official advisory. Monitor the TRENDnet website and security mailing lists for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.