CSRF and XSS vulnerabilities in TW100-S4W1CA Hardware V2.0R and V2.1R

CVE IDs: CVE-2021-32424 and CVE-2021-32426

TRENDnet was recently made aware of possible CSRF and XSS vulnerabilities in the 4-Port Broadband Router, model TW100-S4W1CA, hardware V2.0R and V2.1R. A threat actor can exploit these vulnerabilities to gain control of the router’s management interface.

We strongly recommend users take the following actions to mitigate the risk of attack:

  1. Change the router’s default IP address.
  2. While logged into the router’s configuration page, do not open any additional web pages, and do not use any email applications.
  3. After completing router configurations, click “Logout” from the menu or close the entire web browser.

Acknowledgements: Austin Turecek

Revision:
6-19-2021: Initial release