| Title | TRENDnet TEW-822DRE v1.01B06 / 1.00B21 Command Injection |
|---|
| Description | A vulnerability was found in Trendnet TEW-822DRE firmware version 1.00b21 (and 1.00b06). It has been classified as critical. This vulnerability affects the function formWsc within the boa web server component . The manipulation of the argument peerPin leads to command injection. The attack can be initiated remotely but requires authentication. The vulnerability is triggered only when the Wireless Protected
Setup (WPS) feature is in a "disabled" state. In this specific configuration, the application fails to sanitize the peerPin input before concatenating it into a shell command string via sprintf and executing it with system(), allowing an attacker to execute arbitrary commands with root privileges. |
|---|
| Source | ⚠️ https://pentagonal-time-3a7.notion.site/TRENDnet-TEW-822DRE-Command-Injection-2c9e5dd4c5a580f190e9c411ad627e9a#2c9e5dd4c5a5801dae7ad20828639d4b |
|---|
| User | Anonymous User |
|---|
| Submission | 12/14/2025 10:06 (4 months ago) |
|---|
| Moderation | 12/27/2025 11:12 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338517 [TRENDnet TEW-822DRE 1.00B21/1.01B06 /boafrm/formWsc sub_43ACF4 peerPin command injection] |
|---|
| Points | 17 |
|---|