TRENDnet is aware of a series of published vulnerabilities known as FragAttacks in IEEE 802.11 standard Wi-Fi devices. The affected products are mainly wireless Access Points and Wireless Routers. To exploit these vulnerabilities, the attacker would need to connect to your Wi-Fi network. When exploited successfully, the attacker can extract data from the network, which can lead to additional exploits of your other network devices.
TRENDnet has released firmware updates to address these vulnerabilities for the following products, please click on the link to go to the corresponding product’s download page.
TRENDnet is aware of the vulnerabilities involving the TEW-714TRU Wireless Travel Router that could allow a malicious cyber attacker to take over the router and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to resolve these vulnerabilities.
TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.
TRENDnet recently received a report stating a possible Web Server Directory Traversal Arbitrary File Access vulnerability in the 28-Port Gigabit Web Smart Switch, model TEG-30284, Hardware Version: 1.0R. An attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.
TRENDnet was recently made aware of possible CSRF and XSS vulnerabilities in the 4-Port Broadband Router, model TW100-S4W1CA, hardware V2.0R and V2.1R. A Threat Actor can exploit these vulnerabilities and gain control of the router’s management interface.
TRENDnet has released firmware patches for buffer overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) on some of the L2 Managed Industrial Switches. For more information, please visit this page.