Stored Cross-site Scripting Vulnerability in Trendnet TEW-929DRU Router
CVE-2025-25430

4.8MEDIUM

Key Information:

Vendor: Trendnet
Status: TEW-929DRU
Vendor: CVE Published:; 28 February 2025

What is CVE-2025-25430?

The Trendnet TEW-929DRU router version 1.0.0.10 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. This security flaw allows malicious users to inject harmful scripts into the web interface by exploiting the configname parameter on the /cbi_addcert.htm page. When this endpoint processes unvalidated input, attackers can execute scripts in the context of the user's session, potentially compromising sensitive data and hijacking user sessions.

References

https://instinctive-acapella-fc7.notion.site/Trendnet-TEW...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Feb 7, 2025