CVE-2013-3098

TRENDnet TEW-812DRU <1.0.9.0 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3098.

AI-analyzed exploit summary: This HTML-based exploit leverages CSRF and command injection vulnerabilities in TRENDnet TEW-812DRU routers to enable telnet access and modify iptables rules, allowing remote command execution. The PoC automates the attack via JavaScript form submissions to vulnerable CGI endpoints.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb · WORKING POC
html · webapps · hardware
https://www.exploit-db.com/exploits/27177


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TRENDnet TEW-812DRU
No auth needed
Prerequisites: Victim must visit the malicious HTML page · Router must be accessible on the local network (192.168.10.1)
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/95803
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54310

Scores

EPSS 0.0035
EPSS Percentile 57.8%

Details

CWE: CWE-352
Status: published
Products (2):
trendnet/tew-812dru
trendnet/tew-812dru_firmware 1.0.8.0
Published: Feb 04, 2014
Tracked Since: Feb 18, 2026