CVE ID: CVE-2021-32424 and CVE-2021-32426
TRENDnet was recently made aware of possible CSRF and XSS vulnerabilities in the 4-Port Broadband Router, model TW100-S4W1CA, hardware V2.0R and V2.1R. A Threat Actor can exploit these vulnerabilities and gain control of the router’s management interface.
We strongly recommend users take the following actions to mitigate the risk of attack:
- Change the router’s default IP address.
- While logged into the router’s configuration page, do not open any additional web pages, and do not use any email applications.
- After completing router configurations, click “Logout” from the menu or close the entire web browser.
Acknowledgements: Austin Turecek
6-19-2021: Initial release