What is the CVSS score of CVE-2025-15471?

CVE-2025-15471 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 1.2%.

Which versions of Tew 713re Firmware are affected by CVE-2025-15471?

Organizations using A vulnerability face critical risk from CVE-2025-15471, a command injection vulnerability rated CVSS 9.8.

Is there a public PoC exploit available for CVE-2025-15471?

Yes, a public proof-of-concept exploit is available for CVE-2025-15471. Prioritise patching immediately. EPSS: 1.2%.

How to fix or mitigate CVE-2025-15471?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Tew 713re Firmware CVE-2025-15471

CRITICAL

Command Injection (CWE-77)

2026-01-07 cna@vuldb.com

Command Injection Tew 713re Firmware

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

PoC Detected

Mar 18, 2026 - 15:16 vuln.today

Public exploit code

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 07, 2026 - 02:03 nvd

CRITICAL 9.8

DescriptionCVE.org

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

TRENDnet TEW-713RE WiFi range extender (v1.02) has OS command injection in /goformX/formFSrvX via the SZCMD parameter. Public exploit available, vendor unresponsive. The device likely will not receive a patch.

Technical ContextAI

The formFSrvX handler passes the SZCMD parameter directly to a system command (CWE-77) without sanitization. The public exploit makes this trivially exploitable by anyone. The vendor was contacted but did not respond, suggesting the device may be abandoned.

RemediationAI

Replace this device immediately. TRENDnet has not responded to disclosure. Do not expose the management interface to any untrusted network.

CVE-2025-15471 vulnerability details – vuln.today

Back

Tew 713re Firmware CVE-2025-15471

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code