CVE-2024-51187

4.8 MEDIUM

📋 TL;DR

This CVE describes a stored cross-site scripting (XSS) vulnerability in specific TRENDnet router models. Attackers can inject malicious scripts into the firewall rule name parameter, which then execute when administrators view the firewall settings page. This affects administrators of TRENDnet TEW-651BR, TEW-652BRP, and TEW-652BRU devices.

💻 Affected Systems

Products:
  • TRENDnet TEW-651BR
  • TRENDnet TEW-652BRP
  • TRENDnet TEW-652BRU
Versions: TEW-651BR 2.04B1, TEW-652BRP 3.04b01, TEW-652BRU 1.00b12
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. Requires admin access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could steal administrator session cookies, hijack the admin session, reconfigure the router, or redirect to malicious sites, potentially gaining full control of the network device.

🟠 Likely Case

Session hijacking of the router admin interface, allowing an attacker to modify network settings, change DNS, or install malicious firmware.

🟢 If Mitigated

Limited to admin interface compromise if proper network segmentation and admin authentication are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin credentials to access firewall settings page. Public PoC available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

Check the TRENDnet website for firmware updates. No official patch identified at this time.

🔧 Temporary Workarounds

Input Validation on Admin Interface

all

Manually validate and sanitize all user inputs in firewall rule names

Not applicable - manual configuration required

Restrict Admin Access

all

Limit admin interface access to specific IP addresses using firewall rules

Not applicable - configure via router admin interface

🧯 If You Can't Patch

  • Replace affected devices with supported models
  • Implement network segmentation to isolate router management interface

🔍 How to Verify

Check if Vulnerable:

Access the router admin interface, navigate to /firewall_setting.htm, and attempt to inject a script in the firewallRule_Name_1.1.1.0.0 parameter.

Check Version:

Check firmware version in router admin interface under System Status or similar section

Verify Fix Applied:

Test XSS payload injection after applying any firmware updates or workarounds

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login attempts
  • Firewall rule modifications with suspicious names

Network Indicators:

  • HTTP requests to /firewall_setting.htm with script tags in parameters

SIEM Query:

http.url:"/firewall_setting.htm" AND (http.param:"firewallRule_Name" AND http.param contains "<script>")
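Form submissions usually reach logs URL-encoded, so a literal `<script>` match like the query above can miss them. The following is an added example, not part of the original advisory or any vendor tooling: it decodes the rule-name parameter and flags any value outside a conservative allowlist. The record layout `(client, url, params)`, the allowlist, the 32-character limit and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/firewall_setting.htm"   # page named in the advisory
PARAM_PREFIX = "firewallRule_Name"      # parameter family named in the advisory
# Assumption: legitimate rule names need only these characters, max 32 long.
SAFE_NAME = re.compile(r"^[A-Za-z0-9 _.\-]{0,32}$")


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so %253Cscript%253E is seen as <script>."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_rule_names(records):
    """Return (client, param, decoded_value) for rule names outside the allowlist."""
    findings = []
    for client, url, params in records:
        parts = urlsplit(url)
        if parts.path.lower() != TARGET_PATH:
            continue
        # Check both the query string and the logged form body.
        for raw in (parts.query, params):
            for name, value in parse_qsl(raw, keep_blank_values=True):
                if not name.startswith(PARAM_PREFIX):
                    continue
                decoded = fully_decode(value)
                if not SAFE_NAME.match(decoded):
                    findings.append((client, name, decoded))
    return findings


# Constructed sample records (documentation IP range), not real traffic.
SAMPLE = [
    ("192.0.2.10", "/firewall_setting.htm", "firewallRule_Name_1.1.1.0.0=Allow+Web&action=save"),
    ("192.0.2.44", "/firewall_setting.htm", "firewallRule_Name_1.1.1.0.0=%3Cscript%3E"),
    ("192.0.2.44", "/firewall_setting.htm", "firewallRule_Name_1.1.1.0.0=%253Cscript%253E"),
    ("192.0.2.10", "/status.htm", "firewallRule_Name_1.1.1.0.0=%3Cscript%3E"),
]

if __name__ == "__main__":
    for finding in suspicious_rule_names(SAMPLE):
        print(finding)
```

An allowlist on the decoded value also covers the "firewall rule modifications with suspicious names" log indicator, since it flags any markup rather than one tag.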
