CVE-2025-15139

A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

medium 6.3 CVSS 3.1

Published: Dec 28, 2025

Modified: Jan 7, 2026

Vendor: Trendnet

Versions: 1.00b21,1.01b06

Description

A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Related CVEs

CVSS Breakdown

Version	3.1
Score	6.3 / 10
Severity	medium

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weakness (CWE)

CWE-74

Affected Product

Vendor	Trendnet
Product	Tew-822Dre Firmware
Versions	1.00b21,1.01b06