CVE-2026-4354
Cross-Site Scripting in TRENDnet TEW-824DRU Web Interface
Publication date: 2026-03-18
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-824dru | 1.010b01 |
| trendnet | tew-824dru | 1.04b01 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4354 is a stored Cross-Site Scripting (XSS) vulnerability in the TRENDnet TEW-824DRU router's web interface, specifically in the apply_sec.cgi component within the function sub_420A78. The vulnerability arises from improper neutralization of the "language" parameter, which is assigned to a global variable without proper sanitization. This allows an attacker to inject malicious scripts that are persistently stored and executed in the context of the router's web interface.

An attacker can remotely exploit this by sending crafted input to the language parameter, which then corrupts the device's global language configuration. This leads to execution of arbitrary JavaScript code and disrupts the HTML structure of the router's login and management pages.

The exploit requires some user interaction and can be launched remotely. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and is associated with MITRE ATT&CK technique T1059.007 (JavaScript interpreter). No patches or vendor responses are available. [1, 2, 3]

How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to execute arbitrary JavaScript code within the router's web interface, potentially compromising data integrity.

Additionally, the persistent injection corrupts the router's global language configuration, which disrupts the HTML structure of the login and management pages, causing a persistent Denial of Service (DoS) condition on the web interface.

As a result, legitimate users may be unable to access or manage the router's settings through the web interface, which can affect network management and security. [1, 2, 3]

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the web interface of the TRENDnet TEW-824DRU router, specifically by sending crafted requests to the apply_sec.cgi component with manipulated "language" parameters.

One way to detect the vulnerability is to send a POST request with a payload that injects script code into the language parameter and observe if the web interface reflects the input unsanitized, causing script execution or disruption of the login page.

- Use curl or similar tools to send a crafted POST request to the router's apply_sec.cgi endpoint, for example:

```sh
curl -X POST -d "language=\"><script>alert('XSS')</script><script src=\"" http://[router-ip]/apply_sec.cgi
```

If the response or subsequent login pages show script execution or broken interface elements, the device is vulnerable. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
There are no known patches or official vendor mitigations available for this vulnerability as the vendor did not respond to the disclosure.

Immediate mitigation steps include:

- Avoid using the affected TRENDnet TEW-824DRU firmware versions 1.010B01 and 1.04B01.
- Consider replacing the affected device with a different model or vendor that is not vulnerable.
- Restrict access to the router's web interface to trusted networks or users only, to reduce the risk of remote exploitation.
- Implement network-level protections such as firewall rules or web application firewalls to block malicious requests targeting the language parameter.

Long term, strict input validation and filtering on the language parameter is recommended, but this requires firmware updates which are not currently available. [1, 3]
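The strict validation recommended above, sketched as an added example in C (not TRENDnet's code and not from the original page): the submitted language value is mapped onto a fixed allowlist before it is stored, and values are HTML-escaped again when rendered. The language codes and the function names `normalize_language` and `html_escape` are assumptions made for illustration.

```c
/* Added example, not vendor code: allowlist values and function names
   are assumptions; the page does not list the firmware's language IDs. */
#include <stddef.h>
#include <string.h>

static const char *const kLanguages[] = { "en", "es", "de", "fr", "ru" };
static const char kDefaultLanguage[] = "en";

/* Return the matching allowlist constant, or the default when the value is
   missing or not an exact match. Store this result, never request bytes. */
const char *normalize_language(const char *submitted)
{
    if (submitted != NULL) {
        for (size_t i = 0; i < sizeof kLanguages / sizeof kLanguages[0]; i++) {
            if (strcmp(submitted, kLanguages[i]) == 0)
                return kLanguages[i];
        }
    }
    return kDefaultLanguage;
}

/* Render-time defense in depth: HTML-escape src into dst.
   Returns the escaped length, or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;
    if (dst_size == 0)
        return -1;
    for (; *src != '\0'; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (out + n >= dst_size)
            return -1;
        if (rep)
            memcpy(dst + out, rep, n);
        else
            dst[out] = *src;
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}
```

Because the stored value is always one of the allowlist constants, markup submitted in the language parameter never reaches the global configuration, and the escaping step covers any other path that writes the value into a page.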