CVE-2025-15471

CRITICAL
2026-01-07 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
PoC Detected
Mar 18, 2026 - 15:16 vuln.today
Public exploit code
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 07, 2026 - 02:03 nvd
CRITICAL 9.8

Tags

Command Injection Tew 713re Firmware

Description

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.

Technical Context

The formFSrvX handler passes the SZCMD parameter directly to a system command (CWE-77) without sanitization. The public exploit makes this trivially exploitable by anyone. The vendor was contacted but did not respond, suggesting the device may be abandoned.

Affected Products

TRENDnet TEW-713RE v1.02

Remediation

Replace this device immediately. TRENDnet has not responded to disclosure. Do not expose the management interface to any untrusted network.

Priority Score

70
Low Medium High Critical
KEV: 0
EPSS: +1.2
CVSS: +49
POC: +20

Share

CVE-2025-15471 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy