CVE 8.6 HIGH

TRENDnet TEW-811DRU httpd uapply.cgi setDeviceURL os command injection_CVE-2025-15472

January 6, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

OS command injection vulnerability in TRENDnet TEW-811DRU 1.0.2.0 via the setDeviceURL function in the uapply.cgi file of the httpd component, allowing remote attacks.

Basic Information

ID CVE-2025-15472

Source VulDB

Published Jan 6, 2026 at 22:02

Affected Product

Vendor TRENDnet

Product TEW-811DRU

Version 1.0.2.0

Affected Versions TRENDnet TEW-811DRU 1.0.2.0

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor TRENDnet

Product TEW-811DRU

Version 1.0.2.0

References

{
    "lastseen": "",
    "description": "A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL\u00a0 of the file uapply.cgi of the component httpd\u00a0. This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-01-06T22:02:06.635Z",
    "modified": "2026-01-06T22:02:06.635Z",
    "type": "cve",
    "title": "TRENDnet TEW-811DRU httpd\u00a0 uapply.cgi setDeviceURL\u00a0 os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.339722\nhttps://vuldb.com/?ctiid.339722\nhttps://vuldb.com/?submit.721874\nhttps://pentagonal-time-3a7.notion.site/TrendNet-TEW-811DRU-2d2e5dd4c5a58016a612e99853b835f8",
    "id": "CVE-2025-15472",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "TRENDnet TEW-811DRU 1.0.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TEW-811DRU",
    "version": "1.0.2.0",
    "vendor": "TRENDnet",
    "ai_description": "OS command injection vulnerability in TRENDnet TEW-811DRU 1.0.2.0 via the setDeviceURL function in the uapply.cgi file of the httpd component, allowing remote attacks.",
    "ai_severity": "High",
    "ai_vendor": "TRENDnet",
    "ai_product": "TEW-811DRU",
    "ai_version": "1.0.2.0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply