Command Injection Vulnerability in TRENDnet Router
CVE-2025-10107

5.1MEDIUM

Key Information:

Vendor

Trendnet

Status
Tew-831dr
Vendor
CVE Published:
9 September 2025

What is CVE-2025-10107?

A command injection vulnerability exists in the TRENDnet TEW-831DR router, specifically within the file /boafrm/formSysCmd. This flaw allows an attacker to manipulate the 'sysHost' argument, potentially enabling remote code execution. The vendor was notified of this issue prior to public disclosure but did not respond. This vulnerability can be exploited remotely, posing a significant security risk to affected systems. Users of the TEW-831DR model should take immediate action to secure their devices.

Affected Version(s)

TEW-831DR 1.0 (601.130.1.1410)

References

https://vuldb.com/?id.323208
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323208
signaturepermissions-required
https://vuldb.com/?submit.636833
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Darklab.Limited (VulDB User)
JSON
.
CVE-2025-10107 : Command Injection Vulnerability in TRENDnet Router