<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>EOL-Product - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/eol-product/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sun, 12 Jul 2026 06:20:59 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/eol-product/feed.xml" rel="self" type="application/rss+xml"/><item><title>Remote Command Injection in Trendnet TEW-635BRM Routers (CVE-2026-15481)</title><link>https://feed.craftedsignal.io/briefs/2026-07-trendnet-tew-635brm/</link><pubDate>Sun, 12 Jul 2026 06:20:59 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-trendnet-tew-635brm/</guid><description>A critical remote command injection vulnerability (CVE-2026-15481) has been discovered in Trendnet TEW-635BRM routers up to version 1.00.03, allowing attackers to execute arbitrary commands by manipulating the 'ipoa_ipaddr' argument in the 'ipoa_test' function, with public exploits available for this End-of-Life product.</description><content:encoded><![CDATA[<p>A significant security flaw, tracked as CVE-2026-15481, has been identified in Trendnet TEW-635BRM routers running firmware versions up to 1.00.03. This vulnerability, boasting a CVSS v3.1 Base Score of 8.8, is a remote command injection residing within the <code>ipoa_test</code> function of the <code>/sbin/rc</code> component, specifically through the manipulation of the <code>ipoa_ipaddr</code> argument during IPoA WAN Connection Setup. This flaw permits unauthenticated, remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to full device compromise. Publicly available exploits increase the immediate risk. Trendnet has confirmed that the affected TEW-635BRM model reached End-of-Life status in 2011, indicating that no official patches will be released. This poses a severe risk to organizations still utilizing these legacy devices, as they remain perpetually vulnerable to exploitation.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a Trendnet TEW-635BRM router (firmware up to 1.00.03) accessible remotely.</li>
<li>The attacker crafts a malicious HTTP request targeting the router's web interface or a management port.</li>
<li>The request includes a specially formed payload that manipulates the <code>ipoa_ipaddr</code> argument within the <code>ipoa_test</code> function.</li>
<li>The router's <code>/sbin/rc</code> component processes the request, executing the injected commands embedded within the <code>ipoa_ipaddr</code> argument.</li>
<li>The embedded commands are executed on the router with the privileges of the running process, typically root.</li>
<li>The attacker achieves remote code execution on the device, gaining complete control over the compromised router.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-15481 grants attackers full remote command execution capabilities on the vulnerable Trendnet TEW-635BRM router. This can lead to unauthorized network access, data interception, denial of service, or the use of the compromised device as a pivot point for further attacks on the internal network. Given that public exploits are available and the product is End-of-Life without any vendor-provided patch, any organization still operating these devices faces an unmitigated, high-risk security exposure. There are no reported victim counts or specific targeted sectors, but any organization using this EOL hardware is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately replace any Trendnet TEW-635BRM routers running firmware versions up to 1.00.03, as CVE-2026-15481 affects an End-of-Life product with no available patches.</li>
<li>Restrict network access to administrative interfaces of all network devices to only trusted internal networks, preventing remote exploitation attempts against CVE-2026-15481.</li>
<li>Conduct regular audits of network infrastructure to identify and decommission End-of-Life hardware like the Trendnet TEW-635BRM to mitigate unpatchable vulnerabilities.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>command-injection</category><category>remote-code-execution</category><category>network-device</category><category>EOL-product</category></item></channel></rss>