CVE-2024-51189 identifies a stored Cross-Site Scripting (XSS) vulnerability in specific TRENDnet router models: TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12. The vulnerability resides in the macList_Name_1.1.1.0.0 parameter on the /filters.htm page of the router’s web management interface. Stored XSS means that malicious input submitted via this parameter is saved by the device and later rendered in the web interface without proper sanitization or encoding, allowing an attacker to inject and execute arbitrary JavaScript code in the context of the victim’s browser session. Exploitation requires the attacker to have low-level privileges (PR:L) and user interaction (UI:R), such as an authenticated user submitting crafted input. The vulnerability has a CVSS 3.1 base score of 4.8, indicating medium severity with limited confidentiality and integrity impacts and no availability impact. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component, potentially impacting the entire router management interface session. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same local or adjacent network segment. No known exploits are reported in the wild, and no patches have been released at the time of publication. This vulnerability falls under CWE-79, the common weakness enumeration for improper neutralization of input during web page generation, leading to XSS. The vulnerability could allow attackers to hijack sessions, steal credentials, or perform unauthorized actions within the router’s web interface if exploited.

The primary impact of CVE-2024-51189 is the potential compromise of confidentiality and integrity within the affected TRENDnet router’s web management interface. An attacker exploiting this stored XSS vulnerability could execute arbitrary scripts in the context of an authenticated user’s session, potentially stealing session cookies, credentials, or manipulating router settings. This could lead to unauthorized network configuration changes, redirection of traffic, or persistent compromise of the network perimeter device. Since the attack vector is adjacent network and requires low privileges and user interaction, the risk is somewhat limited to internal or local network attackers or compromised users. However, in environments where these routers are used as gateways or in small office/home office (SOHO) settings, the impact could be significant, enabling lateral movement or persistent footholds. The lack of availability impact reduces the risk of denial-of-service, but the confidentiality and integrity risks remain notable. The absence of known exploits in the wild suggests limited current exploitation but also highlights the need for proactive mitigation before attackers develop weaponized exploits.

1. Restrict access to the router’s web management interface to trusted administrators only, preferably via secure management VLANs or VPNs, to reduce exposure to adjacent network attackers. 2. Enforce strong authentication and limit the number of users with access to the router’s web interface to minimize the risk of malicious input submission. 3. Monitor network traffic and router logs for unusual activity or unexpected changes to filter lists or device configurations that could indicate exploitation attempts. 4. Apply input validation and output encoding on the macList_Name_1.1.1.0.0 parameter if possible via firmware updates or configuration changes; since no patches are currently available, contact TRENDnet support for guidance or early firmware releases. 5. Disable or limit the use of the vulnerable /filters.htm page if feasible, or restrict its access. 6. Educate users and administrators about the risks of stored XSS and the importance of not entering untrusted data into router management interfaces. 7. Regularly check for firmware updates from TRENDnet and apply them promptly once a patch addressing this vulnerability is released. 8. Consider network segmentation to isolate vulnerable devices from critical infrastructure to limit potential lateral movement.