Customer Support | TRENDnet

TEW-929DRU DUAL-BAND WIFI ROUTER CROSS-SITE SCRIPTING VULNERABILITY

CVE ID: CVE-2025-25428, CVE-2025-25429 CVE-2025-25430,CVE-2025-25431

TRENDnet is aware of the CVE-2025-25428 hardcoded password and CVE-2025-25429, CVE-2025-25430, and CVE-2025-25431 cross-site scripting vulnerabilities with TEW-929DRU hardware version v1.0R, firmware 1.0.0.10.

We believe CVE-2025-25428 does not affect the product, because it requires the intruders to first login to the device, but each device has aunique password.

For the cross-site script vulnerability, when exploited successfully, the intruder can redirect user’s web browser to malicious website. TRENDnet has released firmware update to address the vulnerability, please click on the link below to go to the product's firmware download page.Or, you can login to the router's management page using web browser (http://tew-929dru ), click on “Management” on the left, click on “Firmware/Configuration”, click on “CHECK” under “Online Firmware Upgrade”, and then follow the on-screen instruction to upgrade the firmware.
https://www.trendnet.com/support/support-detail.asp?prod=135_TEW-929DRU

REVISION:
5/12/2025 Initial release

Switches

Unmanaged

Managed

Multi-Gigabit

PoE

Managed PoE

PoE Injectors & Splitters

Wireless

Routers

Access Points

Adapters

More

Wired

Fiber

Patch Panels & Jacks

Network Adapters

KVMs

Powerline & MoCA

More

Surveillance

IP Cameras

NVRs

Industrial

Switches

PoE Switches

PoE Injector, Extender, Splitter

Fiber

More

More

Managed PDUs

WiFi Presenters

USB & USB-C

Tools & Testers

Accessories