Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable admin interface with low-complexity injection requiring an authenticated low-privilege session (PR:L); root-level command execution yields full C/I/A impact with unchanged scope.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr results in command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "We are unable to confirm if the vulnerability exists. This item has been EOL since 2011. We will make an official announcement of possible vulnerabilities, and recommend users to switch devices." This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
Command injection in the TRENDnet TEW-635BRM wireless router (firmware through 1.00.03) lets an authenticated remote attacker inject OS commands via the ipoa_ipaddr argument handled by the ipoa_test function in /sbin/rc during IPoA WAN connection setup. Publicly available exploit code exists (published via VulDB and a researcher write-up), and because the device runs its control logic as a privileged system process, successful injection yields full command execution on the router. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the device to be a TRENDnet TEW-635BRM (firmware ≤1.00.03) and requires the attacker to reach and submit the IPoA WAN Connection Setup, injecting into the ipoa_ipaddr argument that ipoa_test in /sbin/rc processes. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H, base 7.4) indicates a network-reachable, low-complexity attack requiring some privilege (PR:L) that fully compromises the device's confidentiality, integrity, and availability, with E:P (Proof-of-Concept) maturity matching the reported public exploit. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the router's administration interface - on the LAN, or on a unit whose remote management is exposed - authenticates (or uses default/weak credentials) and submits the IPoA WAN configuration form with a crafted ipoa_ipaddr value containing shell metacharacters. When /sbin/rc's ipoa_test processes the field, the injected commands execute with the router's privileges, giving a foothold to intercept traffic, rewrite DNS/firewall rules, or pivot into the internal network. … |
| Remediation | No vendor-released patch identified at time of analysis - the device is EOL since 2011 and TRENDnet has stated it will not confirm or fix the issue, recommending users replace the hardware, so the primary remediation is device replacement with a currently supported router. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all TRENDnet TEW-635BRM routers in production and immediately restrict administrative access; disable remote management if enabled. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Tew 635Brm
View allSame weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43203
GHSA-wq7g-mf6c-75vq