CVE-2025-15137 | TRENDnet TEW-800MB 1.0.1.0 NTPSyncWithHost.cgi sub_F934 command injection

A vulnerability categorized as critical has been discovered in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection.

This vulnerability is cataloged as CVE-2025-15137. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

CVE-2025-15137 | TRENDnet TEW-800MB 1.0.1.0 NTPSyncWithHost.cgi sub_F934 command injection

Post correlati

CVE-2025-40907 | ETHER FCGI up to 0.82 on Perl fcgiapp.c ReadParams nameLen/valueLen vulnerable third-party component

CVE-2024-35742 | Code Parrots Easy Forms for Mailchimp Plugin up to 6.9.0 on WordPress authorization

CVE-2024-52026 | Netgear XR300/R6400/R7000P HTTP POST Request bsw_pppoe.cgi pppoe_localip stack-based overflow

CVE-2023-49417 | Totolink A7000R 9.1.0u.6115_B20201022 setOpModeCfg stack-based overflow