Cross-Site Scripting Vulnerability in TRENDnet TEW-831DR Routers
CVE-2022-30326

5.4MEDIUM

Key Information:

Vendor: Trendnet
Status: Tew-831dr Firmware
Vendor: CVE Published:; 16 June 2022

What is CVE-2022-30326?

A Cross-Site Scripting (XSS) vulnerability has been identified in TRENDnet TEW-831DR devices, specifically affecting the web interface's network pre-shared key field. This weakness allows attackers to execute arbitrary scripts, potentially leading to a crash of the basic.config page or other malicious consequences. Users are urged to take precautionary measures to safeguard their devices against such exploitation.

References

https://research.nccgroup.com/?research=Technical+advisories

x_refsource_MISC

https://research.nccgroup.com/2022/06/10/technical-adviso...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2022
Vulnerability Reserved
May 7, 2022

Trendnet

What is CVE-2022-30326?

References

CVSS V3.1

Timeline