CVE-2022-30326

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-831DR version 1.0 601.130.1.1356

Description An issue was found in the TRENDnet TEW-831DR device where the network pre-shared key field on the web interface is vulnerable to cross-site scripting (XSS). This vulnerability can be exploited by an attacker using a simple XSS payload to crash the basic.config page of the web interface. The vulnerability exists due to a lack of protection measures for the web page structure, allowing a remote attacker to conduct an XSS attack.

Recommendations For TRENDnet TEW-831DR version 1.0 601.130.1.1356, as a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the network pre-shared key field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.