CVE-2025-15139
Remote Command Injection in TRENDnet TEW-822DRE WPS Function
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-822dre | 1.00b21 |
| trendnet | tew-822dre | 1.01b06 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-15139 involves identifying the presence of vulnerable TRENDnet TEW-822DRE devices running firmware versions 1.00B21 or 1.01B06. Since the vulnerability is a command injection via the peerPin argument in the /boafrm/formWsc endpoint when WPS is disabled, detection can include scanning for devices responding to HTTP requests to this endpoint and checking firmware versions. Specific commands are not provided in the resources, but network scanning tools like nmap with HTTP scripts or curl commands to test the /boafrm/formWsc endpoint for abnormal responses could be used. Authentication is required to trigger the vulnerability, so detection may involve authenticated requests to test for command injection behavior. However, no explicit detection commands or scripts are detailed in the provided resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected TRENDnet TEW-822DRE devices running firmware versions 1.00B21 or 1.01B06, as no known countermeasures or patches are available. Since the vulnerability requires authentication and occurs only when WPS is disabled, ensuring WPS is enabled might reduce risk, but this is not explicitly stated as a mitigation. The vendor did not respond or provide any mitigation. Therefore, the recommended action is to replace the affected product to avoid exploitation. [2]
Can you explain this vulnerability to me?
This vulnerability exists in the TRENDnet TEW-822DRE router firmware versions 1.00B21 and 1.01B06, specifically in the function sub_43ACF4 of the file /boafrm/formWsc. It involves manipulation of the argument peerPin, which leads to command injection. This means an attacker can remotely execute arbitrary commands on the device by exploiting this flaw.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to execute arbitrary commands on the affected device. This can lead to unauthorized control over the router, potentially compromising network security, intercepting or altering network traffic, and causing disruption or data breaches.