CVE 9.3 CRITICAL

TRENDnet TEW-713RE formFSrvX os command injection_CVE-2025-15471

January 6, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

OS command injection vulnerability in TRENDnet TEW-713RE formFSrvX, allowing remote attackers to execute arbitrary commands

Basic Information

ID CVE-2025-15471

Source VulDB

Published Jan 6, 2026 at 21:32

Modified Jan 6, 2026 at 21:49

Affected Product

Vendor TRENDnet

Product TEW-713RE

Version 1.02

Affected Versions TRENDnet TEW-713RE 1.02

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor TRENDnet

Product TEW-713RE

Version 1.02

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-01-06T21:32:06.927Z",
    "modified": "2026-01-06T21:49:10.822Z",
    "type": "cve",
    "title": "TRENDnet TEW-713RE formFSrvX os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.339721\nhttps://vuldb.com/?ctiid.339721\nhttps://vuldb.com/?submit.721441\nhttps://pentagonal-time-3a7.notion.site/Command-Injection-Vulnerability-in-formFSrvX-of-Trendnet-TEW-713RE-2d1e5dd4c5a5801481abe7a944763d39",
    "id": "CVE-2025-15471",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "TRENDnet TEW-713RE 1.02",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TEW-713RE",
    "version": "1.02",
    "vendor": "TRENDnet",
    "ai_description": "OS command injection vulnerability in TRENDnet TEW-713RE formFSrvX, allowing remote attackers to execute arbitrary commands",
    "ai_severity": "Critical",
    "ai_vendor": "TRENDnet",
    "ai_product": "TEW-713RE",
    "ai_version": "1.02",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply