CVE-2025-15136 | TRENDnet TEW-800MB 1.0.1.0 Management Interface /goform/wizardset do_setWizard_asp WizardConfigured command injection (EUVD-2025-205509)
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0. It has been rated as critical. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection.
This vulnerability is listed as CVE-2025-15136. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.