CVE-2025-15137

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-800MB version 1.0.1.0

Description A command injection issue exists in the TRENDnet TEW-800MB. The issue is located in the NTPSyncWithHost.cgi file, specifically within the sub F934 function. Successful exploitation allows for remote command execution. The exploit is publicly available, and the vendor was notified but did not respond.

Recommendations TRENDnet TEW-800MB version 1.0.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

BDU:2025-16427

CVE-2025-15137

Affected Products

Trendnet Tew-800Mb

CVE-2025-15137

Weakness Enumeration

Related Identifiers

Affected Products

References · 16