CVE ID: NA

TRENDnet is aware of an authenticated command line injection/remote code execution vulnerability in a configuration setup page involving Wi-Fi router TEW-831DR (firmware version V1.0). When exploited successfully, the intruder can make the router unusable or gain access to its operating system.

Please note that this router has reached its End of Life (EOL) and End of Support, and TRENDnet is unable to provide a solution to address this vulnerability or provide additional support. Although exploring this vulnerability requires the router’s management login user name and password, TRENDnet recommends customer to retire these products to prevent risk of devices possibly connected to it.

If you cannot replace the TEW-831DR immediately, please do the following to limit possible attack from hackers.
- Go to the TEW-831DR’s setting and uncheck (disable) the “Enable Web server access on WAN” and “Enable ping access on WAN”.
You can do this by opening web browser, open http://tew-831DR, login with user name admin and the password you have set for the TEW-831DR. From the “Site Content” on the left side of the screen, click on “WAN Settings”, and then uncheck the two boxes title mentioned above.
- Close the TEW-831DR’s setup page as soon as you have finished entering the settings. Do not leave it open while using the web browser browsing other internet websites.
- Change the TEW-831DR’s configuration page password periodically and use strong password (minimum of 12 characters and use numbers, special characters, and letters with upper and lowercase).
- Change the TEW-831DR’s Wi-Fi password periodically and use strong password.
- Only allow people you can trust to connect to your TEW-831DR.
- Power off the TEW-831DR when you are not using it.
- Power cycle the TEW-831DR every few days by disconnecting the power, wait for 30 seconds and then reconnect the power.

Acknowledgements: Dennis T, PwC | Cybersecurity & Privacy

REVISION:
8/6/2025 Initial release