Discoverer

Team StellarFlare (Jeongwon Seok, Yeeun Lee, Haim Lee, Munju Lim, Minu Cho, Gyeongmin Hong)

Description

Trendnet TEW-929DRU devices contain a Stored Cross-site Scripting (XSS) vulnerability via the The ssid key of wifi_data parameter on the /captive_portal.htm page.

Overview

• Product : TEW-929DRU
• Firmware Version : 1.0.0.10
• Manufacturer's website information
  • https://www.trendnet.com/home
• Firmware download address
  • https://www.trendnet.com/support/support-detail.asp?prod=135_TEW-929DRU

Vulnerability Information

In the settings under the "Wireless" page, there is an option called "Guest Network”. This section allows you to configure the wireless guest network settings.