Command Injection Vulnerability in TRENDnet Router
CVE-2025-10107

5.1MEDIUM

Key Information:

Vendor: Trendnet
Status: Tew-831dr
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-10107?

A command injection vulnerability exists in the TRENDnet TEW-831DR router, specifically within the file /boafrm/formSysCmd. This flaw allows an attacker to manipulate the 'sysHost' argument, potentially enabling remote code execution. The vendor was notified of this issue prior to public disclosure but did not respond. This vulnerability can be exploited remotely, posing a significant security risk to affected systems. Users of the TEW-831DR model should take immediate action to secure their devices.

Affected Version(s)

TEW-831DR 1.0 (601.130.1.1410)

References

https://vuldb.com/?id.323208

vdb-entrytechnical-description

https://vuldb.com/?ctiid.323208

signaturepermissions-required

https://vuldb.com/?submit.636833

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Sep 8, 2025

Credit

Darklab.Limited (VulDB User)