{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/tew-635brm-up-to-1.00.03/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-15481"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["TEW-635BRM (up to 1.00.03)"],"_cs_severities":["high"],"_cs_tags":["command-injection","remote-code-execution","network-device","EOL-product"],"_cs_type":"advisory","_cs_vendors":["Trendnet"],"content_html":"\u003cp\u003eA significant security flaw, tracked as CVE-2026-15481, has been identified in Trendnet TEW-635BRM routers running firmware versions up to 1.00.03. This vulnerability, boasting a CVSS v3.1 Base Score of 8.8, is a remote command injection residing within the \u003ccode\u003eipoa_test\u003c/code\u003e function of the \u003ccode\u003e/sbin/rc\u003c/code\u003e component, specifically through the manipulation of the \u003ccode\u003eipoa_ipaddr\u003c/code\u003e argument during IPoA WAN Connection Setup. This flaw permits unauthenticated, remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to full device compromise. Publicly available exploits increase the immediate risk. Trendnet has confirmed that the affected TEW-635BRM model reached End-of-Life status in 2011, indicating that no official patches will be released. This poses a severe risk to organizations still utilizing these legacy devices, as they remain perpetually vulnerable to exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a Trendnet TEW-635BRM router (firmware up to 1.00.03) accessible remotely.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the router's web interface or a management port.\u003c/li\u003e\n\u003cli\u003eThe request includes a specially formed payload that manipulates the \u003ccode\u003eipoa_ipaddr\u003c/code\u003e argument within the \u003ccode\u003eipoa_test\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe router's \u003ccode\u003e/sbin/rc\u003c/code\u003e component processes the request, executing the injected commands embedded within the \u003ccode\u003eipoa_ipaddr\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe embedded commands are executed on the router with the privileges of the running process, typically root.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution on the device, gaining complete control over the compromised router.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15481 grants attackers full remote command execution capabilities on the vulnerable Trendnet TEW-635BRM router. This can lead to unauthorized network access, data interception, denial of service, or the use of the compromised device as a pivot point for further attacks on the internal network. Given that public exploits are available and the product is End-of-Life without any vendor-provided patch, any organization still operating these devices faces an unmitigated, high-risk security exposure. There are no reported victim counts or specific targeted sectors, but any organization using this EOL hardware is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately replace any Trendnet TEW-635BRM routers running firmware versions up to 1.00.03, as CVE-2026-15481 affects an End-of-Life product with no available patches.\u003c/li\u003e\n\u003cli\u003eRestrict network access to administrative interfaces of all network devices to only trusted internal networks, preventing remote exploitation attempts against CVE-2026-15481.\u003c/li\u003e\n\u003cli\u003eConduct regular audits of network infrastructure to identify and decommission End-of-Life hardware like the Trendnet TEW-635BRM to mitigate unpatchable vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-12T06:20:59Z","date_published":"2026-07-12T06:20:59Z","id":"https://feed.craftedsignal.io/briefs/2026-07-trendnet-tew-635brm/","summary":"A critical remote command injection vulnerability (CVE-2026-15481) has been discovered in Trendnet TEW-635BRM routers up to version 1.00.03, allowing attackers to execute arbitrary commands by manipulating the 'ipoa_ipaddr' argument in the 'ipoa_test' function, with public exploits available for this End-of-Life product.","title":"Remote Command Injection in Trendnet TEW-635BRM Routers (CVE-2026-15481)","url":"https://feed.craftedsignal.io/briefs/2026-07-trendnet-tew-635brm/"}],"language":"en","title":"CraftedSignal Threat Feed - TEW-635BRM (Up to 1.00.03)","version":"https://jsonfeed.org/version/1.1"}