CVE-2024-51187 identifies a stored cross-site scripting (XSS) vulnerability in specific firmware versions of TRENDnet routers: TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12. The flaw resides in the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm administrative page. Stored XSS vulnerabilities allow an attacker to inject malicious JavaScript code that is permanently stored on the device and executed when an authenticated user accesses the affected page. This vulnerability requires the attacker to have low privileges (authenticated user) and some user interaction (visiting the page). The CVSS vector indicates the attack is network-based (AV:A), with low attack complexity (AC:L), requiring privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect components beyond the vulnerable component. The impact affects confidentiality and integrity to a limited degree (C:L, I:L), but availability is not impacted (A:N). No patches or known exploits are currently available, and the vulnerability was published recently on November 11, 2024. The CWE classification is CWE-79, which corresponds to cross-site scripting vulnerabilities. This vulnerability could allow attackers to steal session tokens, manipulate router settings, or conduct further attacks within the network if exploited.

The primary impact of CVE-2024-51187 is on the confidentiality and integrity of the affected TRENDnet routers' administrative interface. An attacker who gains authenticated access can inject malicious scripts that execute in the context of the router's web interface, potentially stealing session cookies, hijacking administrative sessions, or altering firewall rules and other configurations. This could lead to unauthorized network access, data interception, or persistent compromise of the network environment. However, the vulnerability does not directly affect device availability, so denial of service is unlikely. Since exploitation requires authentication and user interaction, the risk is somewhat mitigated but still significant in environments where multiple users have access to router management or where credentials may be compromised. Organizations relying on these TRENDnet models for network perimeter security could face increased risk of lateral movement and data breaches if this vulnerability is exploited.

1. Restrict access to the router's administrative interface to trusted personnel only, ideally limiting access to secure management VLANs or via VPN. 2. Enforce strong authentication mechanisms and regularly update credentials to reduce the risk of unauthorized access. 3. Monitor router management interfaces for unusual activity or unexpected changes in firewall rules. 4. Disable or limit the use of the vulnerable firewallRule_Name_1.1.1.0.0 parameter if possible until a patch is available. 5. Regularly check TRENDnet's official channels for firmware updates or security advisories addressing this vulnerability and apply patches promptly once released. 6. Employ network segmentation to limit the impact of a compromised router. 7. Educate administrators about the risks of stored XSS and the importance of cautious interaction with router management pages. 8. Consider deploying web application firewalls or intrusion detection systems that can detect and block XSS payloads targeting router interfaces.