CVE-2024-51189 in TEW-651BR

Summary

by MITRE • 11/11/2024

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Stored Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.

Analysis

by VulDB Data Team • 02/28/2025

The TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 wireless routers present a critical cross-site scripting vulnerability that compromises user security and system integrity. This vulnerability resides within the web-based management interface of these network devices, specifically targeting the /filters.htm page where user input is not properly sanitized or validated. The affected parameter macList_Name_1.1.1.0.0 serves as an entry point for malicious actors to inject harmful scripts into the device's web interface, potentially affecting all users who interact with the administration panel.

The technical flaw manifests as a classic stored cross-site scripting vulnerability, where malicious input is stored on the server and subsequently executed when other users access the affected page. This vulnerability falls under CWE-79, which defines cross-site scripting as a weakness where untrusted data is sent to a web browser without proper validation or escaping. The vulnerability is particularly concerning because it allows attackers to execute arbitrary scripts in the context of the victim's browser session, potentially enabling session hijacking, credential theft, or unauthorized administrative actions. The specific parameter macList_Name_1.1.1.0.0 appears to be used for managing MAC address filtering lists, making it a legitimate administrative function that could be exploited without raising immediate suspicion.

The operational impact of this vulnerability extends beyond simple script execution, as it creates potential pathways for attackers to escalate privileges and gain unauthorized access to network configurations. When users visit the /filters.htm page, any stored malicious scripts will execute automatically, potentially allowing attackers to steal session cookies, modify network settings, or redirect users to malicious sites. This vulnerability aligns with ATT&CK technique T1071.004, which covers Application Layer Protocol: DNS, and could enable attackers to establish persistence within the network infrastructure. The affected devices are particularly vulnerable because they are consumer-grade routers that may not receive regular security updates, leaving them exposed to exploitation for extended periods.

Mitigation strategies should focus on immediate firmware updates from TRENDnet to address the identified XSS vulnerability, as well as implementing network segmentation to limit access to administrative interfaces. Organizations should enforce strict access controls limiting administrative access to these devices to trusted personnel only, while also implementing network monitoring to detect suspicious traffic patterns. The vulnerability demonstrates the importance of input validation and output encoding in web applications, as proper sanitization of user input would prevent the storage of malicious scripts. Security teams should also consider implementing web application firewalls to detect and block malicious payloads targeting this specific vulnerability. Regular vulnerability assessments and penetration testing of network infrastructure are essential to identify similar weaknesses in other networked devices that may pose comparable risks to organizational security posture.
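The two controls named above, input validation and output encoding, are sketched below as an added example; it is not TRENDnet firmware code. The allow-list, the 32-character limit and the index-suffix pattern for the parameter name are assumptions, and the request bodies are constructed samples.

```python
import html
import re
from urllib.parse import parse_qsl

# Assumption: a filter-entry name only needs letters, digits, space, '_', '.' and '-'.
NAME_ALLOWED = re.compile(r"[A-Za-z0-9 _.\-]{1,32}")
# Parameter from the advisory is macList_Name_1.1.1.0.0; the generic
# numeric suffix pattern is an assumption.
NAME_PARAM = re.compile(r"macList_Name_[\d.]+")

def validate_name(value):
    """Input validation: allow-list check applied before the value is stored."""
    return NAME_ALLOWED.fullmatch(value) is not None

def render_row_unsafe(name):
    """The flawed pattern: the stored value is concatenated into the page as-is."""
    return "<td>" + name + "</td>"

def render_row(name):
    """Output encoding: the stored value is HTML-escaped at render time."""
    return "<td>" + html.escape(name, quote=True) + "</td>"

def rejected_params(body):
    """Names of macList_Name_* fields in a form body whose value fails validation."""
    return [key for key, value in parse_qsl(body, keep_blank_values=True)
            if NAME_PARAM.fullmatch(key) and not validate_name(value)]

# Constructed sample form bodies (not captured traffic).
BENIGN_BODY = "macList_Name_1.1.1.0.0=Office+printer"
MARKUP_BODY = "macList_Name_1.1.1.0.0=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

if __name__ == "__main__":
    for body in (BENIGN_BODY, MARKUP_BODY):
        print(body, "->", rejected_params(body) or "accepted")
    stored = dict(parse_qsl(MARKUP_BODY))["macList_Name_1.1.1.0.0"]
    print("unsafe :", render_row_unsafe(stored))
    print("encoded:", render_row(stored))
```

Validation and encoding are independent layers: encoding at render time still neutralizes values that were stored before validation was introduced.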

Responsible: MITRE

Reservation: 10/28/2024

Disclosure: 11/11/2024

Moderation: accepted

CPE: ready

EPSS: 0.00384

KEV: no

Activities: very low
