Galapag0S

Name of the Vulnerable Software and Affected Versions: TrendNet TW100-S4W1CA version 2.3.32 Description: The issue is related to a lack of proper session controls, allowing a threat actor to make unauthorized changes to the affected router via a specially crafted web page. If an authenticated user interacts with a malicious web page, it could allow for a complete takeover of the router. Recommendations: For TrendNet TW100-S4W1CA version 2.3.32, as a temporary workaround, consider restricting access to the web interface until a patch is available. Avoid using the router's web interface to interact with untrusted web pages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TrendNet TW100-S4W1CA version 2.3.32 Description: The issue allows for the injection of arbitrary JavaScript into the router's web interface via the `echo` command. This can potentially lead to unauthorized access or control of the router's web interface. Recommendations: For TrendNet TW100-S4W1CA version 2.3.32, as a temporary workaround, consider restricting access to the web interface until a patch is available. Avoid using the `echo` command in the router's web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.