Stored Cross-site Scripting Vulnerability in Trendnet TEW-929DRU Router
CVE-2025-25430

4.8MEDIUM

Key Information:

Vendor: Trendnet
Status: TEW-929DRU
Vendor: CVE Published:; 28 February 2025

What is CVE-2025-25430?

The Trendnet TEW-929DRU router version 1.0.0.10 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. This security flaw allows malicious users to inject harmful scripts into the web interface by exploiting the configname parameter on the /cbi_addcert.htm page. When this endpoint processes unvalidated input, attackers can execute scripts in the context of the user's session, potentially compromising sensitive data and hijacking user sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://instinctive-acapella-fc7.notion.site/Trendnet-TEW...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Feb 7, 2025

JSON

Trendnet

What is CVE-2025-25430?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.