Command Injection Vulnerability in Trendnet TEW-635BRM Router
CVE-2026-15481
Key Information:
- Vendor
Trendnet
- Status
- Vendor
- CVE Published:
- 12 July 2026
Badges
What is CVE-2026-15481?
A command injection vulnerability exists in the Trendnet TEW-635BRM router with firmware versions up to 1.00.03. This flaw affects the ipoa_test function within the /sbin/rc file for the IPoA WAN Connection Setup component. An attacker can exploit this vulnerability remotely by manipulating the ipoa_ipaddr argument. Since the product has reached end-of-life, the vendor has stated it cannot verify the existence of the vulnerability, suggesting users transition to newer devices for continued security.
Affected Version(s)
TEW-635BRM 1.00.03
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
