Tew 635Brm
Monthly
Command injection in the TRENDnet TEW-635BRM wireless router (firmware through 1.00.03) lets an authenticated remote attacker inject OS commands via the ipoa_ipaddr argument handled by the ipoa_test function in /sbin/rc during IPoA WAN connection setup. Publicly available exploit code exists (published via VulDB and a researcher write-up), and because the device runs its control logic as a privileged system process, successful injection yields full command execution on the router. The product has been end-of-life since 2011 and the vendor will not issue a fix, so exposure is permanent for still-deployed units; there is no CISA KEV listing or confirmation of active exploitation.
Stack-based buffer overflow in the TRENDnet TEW-635BRM wireless router (firmware up to 1.00.03) lets an authenticated remote attacker overflow a fixed-size stack buffer through the device_name argument handled by the start_httpd function in /sbin/rc, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (VulDB), though it is not listed in CISA KEV, so there is no public exploit identified as actively exploited at time of analysis. The device has been end-of-life since 2011 and the vendor declined to confirm the flaw, meaning no fix will be issued.
Command injection in the TRENDnet TEW-635BRM wireless router (firmware through 1.00.03) lets an authenticated remote attacker inject OS commands via the ipoa_ipaddr argument handled by the ipoa_test function in /sbin/rc during IPoA WAN connection setup. Publicly available exploit code exists (published via VulDB and a researcher write-up), and because the device runs its control logic as a privileged system process, successful injection yields full command execution on the router. The product has been end-of-life since 2011 and the vendor will not issue a fix, so exposure is permanent for still-deployed units; there is no CISA KEV listing or confirmation of active exploitation.
Stack-based buffer overflow in the TRENDnet TEW-635BRM wireless router (firmware up to 1.00.03) lets an authenticated remote attacker overflow a fixed-size stack buffer through the device_name argument handled by the start_httpd function in /sbin/rc, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (VulDB), though it is not listed in CISA KEV, so there is no public exploit identified as actively exploited at time of analysis. The device has been end-of-life since 2011 and the vendor declined to confirm the flaw, meaning no fix will be issued.