CVE-2024-51188

low-risk

Published 2024-11-11

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (3)

Tew-651Br Firmware

Tew-652Brp Firmware

Tew-652Bru Firmware

Affected Vendors

Trendnet

References (4)

Exploit https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Virtual_Se...

Broken Link https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR

Broken Link https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP

Broken Link https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 9/34 · Low