Plateforme
other
CVE-2026-4354 describes a cross-site scripting (XSS) vulnerability affecting the TRENDnet TEW-824DRU router's web interface. This vulnerability allows attackers to inject malicious scripts into the web interface, potentially compromising user sessions and gaining unauthorized access. The vulnerability impacts firmware versions 1.010B01 and 1.04B01. A fix is pending from the vendor.
Successful exploitation of CVE-2026-4354 enables an attacker to inject arbitrary JavaScript code into the TRENDnet TEW-824DRU web interface. This can be leveraged to steal user session cookies, allowing the attacker to impersonate legitimate users and gain access to sensitive router configuration settings. The attack is remotely exploitable, meaning an attacker does not need to be on the same local network as the router. Given the router's role in managing network traffic and potentially exposing internal devices, a successful attack could lead to broader network compromise. The availability of a public proof-of-concept significantly increases the risk of exploitation.
CVE-2026-4354 is currently considered a moderate risk due to the availability of a public proof-of-concept. While the CVSS score is LOW (3.5), the ease of exploitation and potential impact warrant immediate attention. The vulnerability was disclosed on 2026-03-17, and the vendor has not yet responded. It is advisable to monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting TRENDnet routers.
Small and medium-sized businesses (SMBs) and home users who rely on TRENDnet TEW-824DRU routers for their network connectivity are at risk. Organizations with multiple TRENDnet routers deployed should prioritize mitigation efforts. Users who have not changed the default router password are particularly vulnerable.
• windows / generic web: Use curl to test the 'apply_sec.cgi' endpoint with various 'Language' parameters containing JavaScript payloads. Examine the response for signs of script execution.
curl 'http://<router_ip>/apply_sec.cgi?Language=<script>alert("XSS")</script>'• linux / server: Monitor router access logs for requests containing suspicious JavaScript code in the 'Language' parameter. Use grep to search for patterns like <script> or alert().
grep '<script>' /var/log/httpd/access_log• generic web: Check response headers for unexpected content or modifications that could indicate XSS activity. Examine the HTML source code for injected scripts.
disclosure
Statut de l'Exploit
EPSS
0.03% (percentile 8%)
CISA SSVC
Vecteur CVSS
Due to the lack of a vendor-provided patch, immediate mitigation strategies are crucial. Implement a Web Application Firewall (WAF) to filter and sanitize user input, specifically targeting the 'Language' parameter in the 'apply_sec.cgi' file. Configure the WAF to block any requests containing suspicious JavaScript code. Additionally, restrict access to the web interface using strong passwords and multi-factor authentication. Regularly monitor router logs for any unusual activity. While a direct fix is unavailable, these measures can significantly reduce the attack surface. After implementing WAF rules, verify their effectiveness by attempting to trigger the XSS vulnerability with a test payload.
Mettre à jour le firmware du routeur TRENDnet TEW-824DRU vers une version qui corrige la vulnérabilité de Cross-Site Scripting (XSS) dans l'interface web. Étant donné que le fournisseur n'a pas répondu, il est recommandé d'envisager le remplacement de l'appareil par un appareil qui reçoit des mises à jour de sécurité actives.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-4354 is a cross-site scripting (XSS) vulnerability in the TRENDnet TEW-824DRU router's web interface, allowing attackers to inject malicious scripts via the Language parameter.
You are affected if you are using a TRENDnet TEW-824DRU router with firmware versions 1.010B01 or 1.04B01 and have not applied a vendor-provided patch (currently unavailable).
A vendor patch is not currently available. Mitigate by implementing a WAF to sanitize input, restricting access, and monitoring router logs.
While active exploitation is not confirmed, the availability of a public proof-of-concept suggests a high likelihood of exploitation.
As of the disclosure date, TRENDnet has not released an official advisory. Monitor the TRENDnet website and security mailing lists for updates.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.