Stored Cross-Site Scripting Vulnerability in Trendnet TEW-929DRU Router
CVE-2025-25431

4.8MEDIUM

Key Information:

Vendor: Trendnet
Status: TEW-929DRU
Vendor: CVE Published:; 28 February 2025

What is CVE-2025-25431?

The Trendnet TEW-929DRU router version 1.0.0.10 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs through the 'ssid' key of the 'wifi_data' parameter on the /captive_portal.htm page, allowing attackers to inject malicious scripts that may be executed in the context of authorized users.

References

https://instinctive-acapella-fc7.notion.site/Trendnet-TEW...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2025
Vulnerability Reserved
Feb 7, 2025