PT-2024-34554 · Trendnet · Trendnet Tew-651Br+1
Published
2024-11-11
·
Updated
2024-11-12
·
CVE-2024-51187
CVSS v3.1
4.8
Medium
| Vector | AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
TRENDnet TEW-651BR version 2.04B1
TRENDnet TEW-652BRP version 3.04b01
TRENDnet TEW-652BRU version 1.00b12
Description:
The issue concerns a Store Cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the
firewallRule Name 1.1.1.0.0 parameter on the "/firewall setting.htm" page.Recommendations:
For TRENDnet TEW-651BR version 2.04B1, consider disabling access to the "/firewall setting.htm" page until a patch is available.
For TRENDnet TEW-652BRP version 3.04b01, avoid using the
firewallRule Name 1.1.1.0.0 parameter in the "/firewall setting.htm" page until the issue is resolved.
For TRENDnet TEW-652BRU version 1.00b12, restrict access to the "/firewall setting.htm" page to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendnet Tew-651Br
Trendnet Tew-652Brp