Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
A reflected cross-site scripting (XSS) vulnerability exists in TRENDnet TEW-824DRU wireless router firmware versions 1.010B01 and 1.04B01, affecting the apply_sec.cgi web interface component. An authenticated attacker can inject malicious JavaScript through the Language parameter in the sub_420A78 function, which is then executed in the context of another user's browser session. The vulnerability is publicly exploitable (working proof-of-concept available on GitHub), has a low CVSS score (3.5) due to authentication requirements and user interaction, but represents a real security concern for router administration interfaces where multiple users may access the web UI.
Technical ContextAI
The vulnerability is a classic stored or reflected XSS flaw (CWE-79: Improper Neutralization of Input During Web Page Generation) within the apply_sec.cgi CGI script running on the TRENDnet TEW-824DRU wireless router. The affected function sub_420A78 processes the Language parameter without proper input validation or output encoding before rendering it in the HTML response. The affected product is identified via EUVD entry EUVD-2026-12685 and impacts firmware versions TEW-824DRU 1.010B01 and TEW-824DRU 1.04B01. This is a web application vulnerability in the router's administrative interface, which typically handles sensitive network configuration tasks. The root cause is inadequate input sanitization before the parameter is used in HTML generation, allowing an attacker to break out of the intended context and inject arbitrary script.
RemediationAI
Contact TRENDnet for firmware updates addressing CVE-2026-4354; however, given the vendor's non-responsiveness to disclosure, patch availability is uncertain. As an immediate workaround, restrict access to the router's web interface by disabling remote management (WAN access) and limiting administrative access to trusted local network ranges only via firewall rules. Change default credentials to strong, unique passwords if not already done. Implement network segmentation to isolate the router's administrative interface from untrusted networks. If the device supports it, enable HTTPS-only access and consider using a reverse proxy with input validation in front of the web interface. Monitor the official TRENDnet support page and https://vuldb.com/?id.351381 for any security updates, and evaluate replacement with a router from a vendor with active security support if patches do not become available within a reasonable timeframe.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12685