Cross-Site Request Forgery in TRENDnet Wi-Fi Router
CVE-2022-30327

6.5MEDIUM

Key Information:

Vendor: Trendnet
Status: Tew-831dr Firmware
Vendor: CVE Published:; 16 June 2022

What is CVE-2022-30327?

A vulnerability in the web interface of the TRENDnet TEW-831DR router allows an attacker to exploit Cross-Site Request Forgery (CSRF) issues. By knowing the IP address of the device, a malicious user can change the Wi-Fi router's pre-shared key, potentially disrupting network access and compromising connected devices. This vulnerability underscores the need for robust security measures to protect against unauthorized configurations and access.

References

https://research.nccgroup.com/?research=Technical+advisories

x_refsource_MISC

https://research.nccgroup.com/2022/06/10/technical-adviso...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2022
Vulnerability Reserved
May 7, 2022

Trendnet

What is CVE-2022-30327?

References

CVSS V3.1

Timeline