Trendnet: community verdicts
9 notable / known-exploited Trendnet CVEs the community has triaged.
- CVE-2015-1187CRIT 9.8KEVEPSS 83%
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
- CVE-2022-37053CRIT 9.8Real · low riskEPSS 3%
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.
- CVE-2022-35203HIGH 7.2Real · low riskEPSS 2%
An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.
- CVE-2024-46484CRIT 9.8Real · low riskEPSS 1%
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
- CVE-2021-31655MED 6.1EPSS 1%
Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi.
- CVE-2023-51148HIGH 8Real · low riskEPSS 1%
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.
- CVE-2025-44651HIGH 7.5Real · low riskEPSS 0%
In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected.
- CVE-2025-44647HIGH 7.3Real · low riskEPSS 0%
In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.
- CVE-2025-44649HIGH 7.5Real · low riskEPSS 0%
In the configuration file of racoon in the TRENDnet TEW-WLC100P 2.03b03, the first item of exchage_mode is set to aggressive. Aggressive mode in IKE Phase 1 exposes identity information in plaintext, is vulnerable to offline dictionary attacks, and lacks flexibility in negotiating security parameters.