PT-2018-17862 · Trendnet · Trendnet Tew733Gr+2

Published: 2018-02-14 · Updated: 2022-12-12 · CVE-2018-7034

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TRENDnet TEW-751DR version 1.03B03
TRENDnet TEW-752DRU version 1.03B01
TRENDnet TEW-733GR version 1.03B01

Description

The issue allows authentication bypass via an AUTHORIZED_GROUP=1 value. This can be demonstrated by sending a request for the "getcfg.php" API endpoint, which then allows unauthorized access.

Recommendations

For TRENDnet TEW-751DR version 1.03B03, consider disabling access to the "getcfg.php" endpoint until a fix is available.
For TRENDnet TEW-752DRU version 1.03B01, restrict the use of the AUTHORIZED_GROUP variable to prevent unauthorized access.
For TRENDnet TEW-733GR version 1.03B01, avoid using the AUTHORIZED_GROUP=1 value in requests to the "getcfg.php" endpoint to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-7034

Affected Products

Trendnet Tew733Gr
Trendnet Tew-751Dr
Trendnet Tew-752Dru