LEGACY PRODUCT: TEW-828DRU HARDWARE VERSION V1.X POSSIBLE VULNERABILITIES
CVE ID: NA
TRENDnet has received report of command injection and buffer overflow vulnerabilities associate with the TEW-828DRU (firmware 1.0.9.0) configuration pages’ scripts.
This product has reached its End of Life (EOL) and End of Support, and TRENDnet is unable to provide additional support.
TRENDnet recommends customers to retire the product to prevent risk of devices possibly connected to it.
LEGACY Products: Password reset services for TRENDnet IP Camera, NVR, and DVR products
Password reset services for TRENDnet IP Camera, NVR, and DVR products may not be available due to manufacturer support limitations and End-of-Life status. We cannot guarantee password recovery for these units. Customers are advised to consider replacement options for unsupported devices.
The affected models are listed below but not limited to:
TV-IP1313PI, TV-IP1314PI, TV-IP1315PI, TV-IP1318PI, TV-IP1319PI, TV-IP1328PI, TV-IP1329PI, TV-IP310PI, TV-IP311PI, TV-IP312PI, TV-IP313PI, TV-IP314PI, TV-IP315PI, TV-IP316PI, TV-IP317PI, TV-IP318PI, TV-IP319PI, TV-IP320PI, TV-IP320PI2K, TV-IP321PI, TV-IP322WI, TV-IP323PI, TV-IP324PI, TV-IP325PI, TV-IP326PI, TV-IP328PI, TV-IP329PI, TV-IP340PI, TV-IP341PI, TV-IP342PI, TV-IP343PI (V2 ONLY), TV-IP344PI (V2 ONLY), TV-IP420P, TV-IP430PI, TV-IP440PI, TV-IP450P, TV-IP450PI, TV-IP460PI, TV-NVR104, TV-NVR104D2, TV-NVR104K, TV-NVR208, TV-NVR208D2, TV-NVR216, TV-NVR216D4, TV-NVR2208, TV-NVR2208D2, TV-NVR2216, TV-NVR2216D4, TV-NVR2432, TV-NVR2432D4, TV-NVR408, TV-NVR416
LEGACY PRODUCTS: TEW-822DRE HARDWARE VERSION V2.0R AND TV-IP110WN POSSIBLE VULNERABILITIES
TRENDnet is aware of the vulnerabilities below.
CVE-2025-8758: TEW-822DRE Wireless Range Extender, firmware 1.03B02, possible vsftpd vulnerability, which may allow attacker to take control of the device.
CVE-2025-8757: TV-IP110WN Wireless Network Camera, firmware 1.2.2 build 68, possible violation of the principle of least privilege, which may allow attached to take control of the device.
These products have reached their End of Life (EOL) and End of Support, and TRENDnet is unable to provide additional support.
TRENDnet recommends customers to retire these products to prevent risk of devices possibly connected to it.
TEW-831DR AC1200 dual-band Wi-Fi router authenticated command line injection/remote code execution vulnerability
TRENDnet is aware of an authenticated command line injection/remote code execution vulnerability in a configuration setup page involving Wi-Fi router TEW-831DR (firmware version V1.0). When exploited successfully, the intruder can make the router unusable or gain access to its operating system.
Please note that this router has reached its End of Life (EOL) and End of Support, and TRENDnet is unable to provide a solution to address this vulnerability or provide additional support. Although exploring this vulnerability requires the router’s management login user name and password, TRENDnet recommends customer to retire these products to prevent risk of devices possibly connected to it.
TEW-929DRU DUAL-BAND WIFI ROUTER CROSS-SITE SCRIPTING VULNERABILITY
TRENDnet is aware of the CVE-2025-25428
We believe CVE-2025-25428 does not affect the product, because it requires the intruders to first login to the device, but each device has aunique password.
For the cross-site script vulnerability, when exploited successfully, the intruder can redirect user’s web browser to malicious website. TRENDnet has released firmware update to address the vulnerability, please click on the link below to go to the product's firmware download page. Or, you can login to the router's management page using web browser (http://tew-929dru ), click on “Management” on the left, click on “Firmware/Configuration”, click on “CHECK” under “Online Firmware Upgrade”, and then follow the on-screen instruction to upgrade the firmware.
https://www.trendnet.com/support/support-detail.asp?prod=135_TEW-929DRU
LEGACY PRODUCTS: TEW-410APBP+, TEW-411APBP+, TEW-637AP HARDWARE VERSION V2.0R, TEW-638AP HARDWARE VERSION V2.0R, AND TEW-818DRU HARDWARE VERSION V1.XR POSSIBLE LOCAL AREA NETWORK (LAN) DENIAL OF SERVICE (DOS) VULNERABILITY
TRENDnet has received reports of Local Area Network (LAN) Denial of Service (DoS) vulnerability involving legacy Wi-Fi routers: TEW-411BRP+ firmware 2.07 and TEW-818DRU hardware version V1.xR (firmware 1.0.14.6), and legacy Wi-Fi Access Points: TEW-410APB+ (firmware 1.3.06b), TEW-637AP hardware version V2.0R (firmware 1.3.0.106), and TEW-638AP hardware version V2.0R (firmware 1.2.7). These products have reached their End of Life (EOL) and End of Support, and TRENDnet is unable to provide additional support. TRENDnet recommends customers to retire these products to prevent risk of devices possibly connected to it.
TEW-820AP Wireless AC Upgrader Possible stack overflow vulnerability
TRENDnet has received report of a possible stack overflow vulnerability involving TEW-820AP Wireless AC Upgrader that could allow a malicious cyber attacker to make the product unusable or gain access to its operating system; however, this product has reached its End of Life (EOL) and End of Support, and TRENDnet is unable to verify the vulnerability or provide additional support. TRENDnet recommends customer to retire the product to prevent risk of devices possibly connected to it.
TEW-651BR hardware version V2.3R, TEW-652BRP hardware version V3.0R, and TEW-652BRU hardware version V1.0R Wi-Fi Routers possible cross-site scripting (XSS) vulnerability
TRENDnet is aware of a possible cross-site scripting (XSS) vulnerability in a few of the configuration setup pages involving wi-fi router TEW-651BR hardware version V2.3R (firmware 2.04B1), TEW-652BRP hardware version V3.0R (firmware 3.04B01), and TEW-652BRU hardware version V1.0R (firmware 1.00b12); however, these products have reached their End of Life (EOL) and End of Support, and TRENDnet is unable to verify the vulnerability or provide additional support. TRENDnet recommends customer to retire these products to prevent risk of devices possibly connected to it.
TEW-752DRU WIRELESS ROUTER POSSIBLE BUFFER OVERFLOW VULNERABILITY
TRENDnet is aware of a possible buffer overflow vulnerability involving TEW-752DRU Wireless router that could allow a malicious cyber attacker to make the router unusable or gain access to its operating system; however, this product has reached its End of Life (EOL) and End of Support, and TRENDnet is unable to verify the vulnerability or provide additional support. TRENDnet recommends customer to retire the product to prevent risk of devices possibly connected to it.
TEW-829DRU WIRELESS ROUTER COMMAND INJECTION VULNERABILITY
TRENDnet has received report of a command injection vulnerability when the RADIUS authentication is enabled with TEW-829DRU hardware version v1.xR, firmware 1.0.3.9 and earlier. When exploited successfully, the attacker can have root access to the device. TRENDnet has released firmware update to address the vulnerability.