Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.
References
| Link | Resource |
|---|---|
| https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-XSS-17a15d9d4d2680fbb72ced0a02a64875 | Exploit Third Party Advisory |
| https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-XSS-17a15d9d4d2680fbb72ced0a02a64875 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 May 2025, 16:06
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:trendnet:tew-929dru_firmware:1.0.0.10:*:*:*:*:*:*:* cpe:2.3:h:trendnet:tew-929dru:-:*:*:*:*:*:*:* |
|
| First Time |
Trendnet
Trendnet tew-929dru Firmware Trendnet tew-929dru |
|
| References | () https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-XSS-17a15d9d4d2680fbb72ced0a02a64875 - Exploit, Third Party Advisory |
04 Mar 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
| Summary |
|
|
| References | () https://instinctive-acapella-fc7.notion.site/Trendnet-TEW-929DRU-XSS-17a15d9d4d2680fbb72ced0a02a64875 - | |
| CWE | CWE-79 |
28 Feb 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-28 18:15
Updated : 2025-05-21 16:06
NVD link : CVE-2025-25430
Mitre link : CVE-2025-25430
CVE.ORG link : CVE-2025-25430
JSON object : View
Products Affected
trendnet
- tew-929dru
- tew-929dru_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')