CVE-2025-15471
OS Command Injection in TRENDnet TEW-713RE Remote Exploit
Publication date: 2026-01-07
Last updated on: 2026-03-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-713re_firmware | 1.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15471 is a critical OS command injection vulnerability in the TRENDnet TEW-713RE version 1.02, specifically in the file /goformX/formFSrvX. The vulnerability occurs because the argument SZCMD is not properly sanitized, allowing an attacker to inject arbitrary operating system commands. This can be exploited remotely without any authentication, making it highly accessible to attackers. [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to full device compromise with root privileges. An attacker can execute arbitrary commands, create files, manipulate services, install backdoors, and potentially move laterally within the network. This impacts the confidentiality, integrity, and availability of the affected device. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP requests targeting the endpoint /goformX/formFSrvX with the SZCMD parameter. You can use network traffic analysis tools or web server logs to identify such requests. For example, using curl to test the endpoint: curl -v http://<device-ip>/goformX/formFSrvX?SZCMD=id - this should not execute commands if the device is not vulnerable. Additionally, network intrusion detection systems (NIDS) can be configured to alert on suspicious requests containing command injection patterns targeting this endpoint. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing restrictive firewall rules to block unauthorized access to the vulnerable endpoint /goformX/formFSrvX. Since the vulnerability allows remote unauthenticated command execution, restricting network access to the device, especially from untrusted networks, is critical. Additionally, monitoring and blocking suspicious HTTP requests targeting the SZCMD parameter can help reduce exploitation risk. As no vendor patch is available, network-level controls are the primary defense. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to execute arbitrary OS commands with root privileges, leading to full device compromise. This can result in unauthorized access, manipulation, or disruption of data and services, which may violate confidentiality, integrity, and availability requirements mandated by standards like GDPR and HIPAA. Therefore, exploitation of this vulnerability could lead to non-compliance with such regulations due to potential data breaches and failure to protect sensitive information. [1, 2]