CVE-2024-51190: n/a
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a stored cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
AI Analysis
Technical Summary
CVE-2024-51190 is a stored Cross-Site Scripting (XSS) vulnerability identified in TRENDnet TEW-651BR (version 2.04B1), TEW-652BRP (3.04b01), and TEW-652BRU (1.00b12) routers. The vulnerability arises from insufficient input sanitization of the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm administrative page. An authenticated attacker with low privileges can inject malicious JavaScript code into this parameter, which is then stored persistently on the device. When an administrator or user accesses the affected page, the injected script executes in their browser context, potentially allowing theft of session cookies, unauthorized actions within the router's web interface, or redirection to malicious sites. The CVSS v3.1 base score is 4.8 (medium), reflecting the requirement for authentication and user interaction, but low attack complexity and partial confidentiality and integrity impacts. No public exploits or official patches have been reported as of the publication date (November 11, 2024). The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). Given the nature of router management interfaces, exploitation could facilitate further network compromise if leveraged in a targeted attack.
Potential Impact
The primary impact of CVE-2024-51190 is the potential compromise of the confidentiality and integrity of the router's administrative interface. An attacker exploiting this stored XSS vulnerability can execute arbitrary scripts in the context of the router's web UI, potentially stealing authentication tokens or manipulating router settings. This can lead to unauthorized changes in network configurations, exposure of sensitive network information, or pivoting to internal network assets. While availability is not directly affected, the breach of router controls can indirectly disrupt network operations. Organizations relying on these TRENDnet devices, especially in environments where router management interfaces are accessible remotely or shared among multiple users, face increased risk of targeted attacks. The requirement for authentication and user interaction limits the attack surface but does not eliminate risk, particularly in environments with weak credential management or social engineering susceptibility.
Mitigation Recommendations
To mitigate CVE-2024-51190, organizations should implement the following specific measures:
1) Restrict access to the router's management interface to trusted networks and users only, preferably via VPN or secure management VLANs.
2) Enforce strong authentication mechanisms and regularly update credentials to reduce the risk of unauthorized access.
3) Monitor and audit router logs for suspicious activities related to configuration changes or unusual access patterns.
4) Where possible, apply input validation or filtering at network gateways or web proxies to detect and block malicious payloads targeting the vulnerable parameter.
5) Stay informed on vendor advisories and apply firmware updates or patches promptly once available.
6) Educate administrators about the risks of stored XSS and the importance of cautious interaction with router management interfaces.
7) Consider network segmentation to limit the impact of a compromised router on critical infrastructure.
These targeted actions go beyond generic advice by focusing on access control, monitoring, and proactive defense tailored to the vulnerability's characteristics.
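Recommendation 4 sketched as an added example (not vendor code and not part of the original advisory): an allowlist check that a proxy in front of the management interface could apply to requests for /special_ap.htm. The permitted character set, the 32-character limit and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

VULN_PATH = "/special_ap.htm"
VULN_PARAM = "ptRule_ApplicationName_1.1.6.0.0"
# Assumption: a legitimate application name needs only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.\-]{0,32}")


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(method, url, body=""):
    """Return (verdict, values); verdict is 'ignore', 'allow' or 'block'."""
    parts = urlsplit(url)
    if parts.path.lower() != VULN_PATH:
        return ("ignore", [])
    # The parameter may arrive in the query string or in a form-encoded body.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        pairs += parse_qsl(body, keep_blank_values=True)
    values = [fully_decode(v) for name, v in pairs if name == VULN_PARAM]
    if not values:
        return ("ignore", [])
    # Allowlist, not blocklist: anything outside the safe set is rejected.
    if all(SAFE_VALUE.fullmatch(v) for v in values):
        return ("allow", values)
    return ("block", values)


# Constructed sample requests (method, URL, form body).
SAMPLES = [
    ("POST", "/special_ap.htm", VULN_PARAM + "=Game+Server"),
    ("POST", "/special_ap.htm", VULN_PARAM + "=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("POST", "/special_ap.htm", VULN_PARAM + "=%253Cb%253Ex"),  # double-encoded
    ("GET", "/index.htm", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, check_request(method, url, body))
```

Because the firmware stores the value and renders it later, a filter like this only stops new writes; values already saved on the device still need to be reviewed and cleared.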
Affected Countries
United States, Canada, Germany, United Kingdom, France, Australia, Japan, South Korea, Brazil, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-10-28T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6bacb7ef31ef0b558927
Added to database: 2/25/2026, 9:37:48 PM
Last enriched: 2/28/2026, 2:49:14 AM
Last updated: 4/11/2026, 7:05:07 PM