Critical Vulnerability Found in TRENDnet Wireless Routers – Update Your Firmware Now

CVECVE-2023-0611
CVSScvssV3_1: 8.8
SourceCVE-2023-0611

A critical remote command injection vulnerability has been discovered in TRENDnet wireless routers. The vulnerability receives a CVSS score of 8.8 out of 10, making it a very severe issue.

The vulnerability exists in the web management interface of TRENDnet routers running firmware version 3.04B01 or earlier. By manipulating the get_set.ccp file, a remote attacker can execute arbitrary commands on the router with root privileges.

Command injection flaws occur when user-supplied input is sent to the system shell without being properly sanitized. This allows an attacker to inject OS commands into otherwise legitimate requests. In this case, a hacker could fully compromise the router to intercept network traffic, install malware, or launch attacks on other systems.

If exploited, the vulnerability could seriously impact the security and privacy of any network or devices connected to the vulnerable TRENDnet router. It is important that users update their router firmware immediately to patch this vulnerability.

TRENDnet has released updated firmware to address this issue. Users are strongly recommended to check for and install any available firmware updates to protect their network and connected devices from remote exploitation of this critical vulnerability. Keeping your router firmware up to date is one of the best ways to help secure your home or small business network.

References