CVE-2024-51188

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-651BR version 2.04B1 TRENDnet TEW-652BRP version 3.04b01 TRENDnet TEW-652BRU version 1.00b12

Description: The issue concerns a Store Cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the vsRule VirtualServerName 1.1.10.0.0 parameter on the "/virtual server.htm" page.

Recommendations: For TRENDnet TEW-651BR version 2.04B1, consider disabling access to the "/virtual server.htm" page until a patch is available. For TRENDnet TEW-652BRP version 3.04b01, avoid using the vsRule VirtualServerName 1.1.10.0.0 parameter in the affected API endpoint until the issue is resolved. For TRENDnet TEW-652BRU version 1.00b12, restrict access to the vulnerable module related to the "/virtual server.htm" page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.