CVE-2025-15139

CVE-2025-15139 is a command injection vulnerability in the TRENDnet TEW-822DRE AC1200 Dual Band Wireless Router running firmware versions 1.00B21 or 1.01B06. The flaw resides in the function sub_43ACF4 within the /boafrm/formWsc file, where the peerPin argument is improperly handled, allowing attackers to inject arbitrary commands. Associated with CWEs-74 (injection) and CWE-77 (command injection), it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity.

The vulnerability enables remote exploitation by attackers who possess low privileges (PR:L), such as authenticated users on the device. By manipulating the peerPin parameter during interactions with the WSC (Wi-Fi Protected Setup) form, an attacker can execute arbitrary commands on the underlying system, potentially leading to limited impacts on confidentiality, integrity, and availability as per the CVSS metrics.

Advisories from VulDB and the disclosure on Notion.site note that the exploit has been publicly released and may be actively used, but the vendor was contacted early without any response or patch availability mentioned. Security practitioners should isolate affected devices, restrict administrative access, and monitor for anomalous command execution until firmware updates are provided.

Notably, the public disclosure of the exploit increases the risk of real-world exploitation against unpatched TRENDnet TEW-822DRE routers still in use.