CVE-2023-0639

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-652BRP version 3.04b01

Description A vulnerability was found in the Web Management Interface of the TRENDnet TEW-652BRP, affecting the processing of the file get set.ccp. The manipulation of the nextPage argument leads to cross-site scripting. The attack may be initiated remotely.

Recommendations For TRENDnet TEW-652BRP version 3.04b01, consider disabling the Web Management Interface or restricting access to it until a patch is available. As a temporary workaround, avoid using the nextPage argument in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.