Vulnerability Title: Pre-auth Command Injection Vulnerability in formFSrvX of Trendnet TEW-713RE
Discovered by: Jingwei Feng
Contact Information: [email protected]
Affected Version: Trendnet TEW-713RE firmware 1.02 https://downloads.trendnet.com/TEW-713RE/firmware/FW_TEW-713RE(1.02).zip
Component: Embedded web server (goformX management interface)
A pre-authentication Command Injection vulnerability has been discovered in the formFSrvX handler of the Trendnet TEW-713RE firmware.
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary shell commands with root privileges by sending a crafted HTTP request to the /goformX/formFSrvX endpoint.
The vulnerability was identified through firmware reverse engineering and frontend–backend interaction analysis.
The affected interface is intended for internal system management operations (such as rebooting the device or applying configuration changes), but it exposes a highly dangerous command execution mechanism to unauthenticated users.
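One way to watch for use of this endpoint from outside the management network, as an added example that is not part of the original advisory. It assumes HTTP access logs in common log format from a proxy or sensor in front of the device; the management subnet, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Endpoint named in the advisory, lowercased for comparison.
TARGET_PATH = "/goformx/formfsrvx"
# Assumption: administrators connect from this subnet only; adjust to your network.
MGMT_NETS = [ipaddress.ip_network("192.168.10.0/28")]

# Common log format: client, identity, user, [timestamp], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.168.10.5 - - [12/Mar/2025:09:14:02 +0000] "POST /goformX/formFSrvX HTTP/1.1" 200 112',
    '203.0.113.77 - - [12/Mar/2025:09:20:41 +0000] "POST /goformX//%66ormFSrvX HTTP/1.1" 200 0',
    '203.0.113.77 - - [12/Mar/2025:09:20:45 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Mar/2025:10:02:13 +0000] "POST /x/../GOFORMX/formFSrvX?a=1 HTTP/1.1" 200 0',
]

def normalize_path(target):
    """Drop the query, percent-decode once, collapse // and dot segments, lowercase."""
    raw = target.split("?", 1)[0]
    return posixpath.normpath("/" + unquote(raw).lstrip("/")).lower()

def find_hits(lines):
    """Return one record per request to the endpoint, marking untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != TARGET_PATH:
            continue
        try:
            trusted = any(ipaddress.ip_address(m["ip"]) in net for net in MGMT_NETS)
        except ValueError:  # client field is a hostname, treat as untrusted
            trusted = False
        hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                     "status": int(m["status"]), "trusted": trusted})
    return hits

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print("ok   " if h["trusted"] else "ALERT", h["ts"], h["ip"], h["method"], h["status"])
```

Because the handler is reachable without authentication, any hit from an address outside the management subnet is worth investigating regardless of the response status.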
During firmware analysis of Trendnet TEW-713RE, the extracted filesystem revealed several management-related HTML pages and GoForm handlers under the goformX namespace.
Although the backend implementation of formFSrvX (e.g., websFormHandlerX) was not present in the available source code (likely compiled into proprietary binaries), its behavior can be reliably inferred and confirmed through frontend logic and runtime behavior.
The following frontend pages were identified:
applyReboot.htm