TRENDnet TEW-822DRE Command Injection Vulnerability in WSC Form Handler

A command injection vulnerability has been identified in the TRENDnet TEW-822DRE router, specifically in firmware versions 1.00B21 and 1.01B06. The issue arises in the function 'sub_43ACF4' within the file '/boafrm/formWsc'. When the Wireless Protected Setup (WPS) feature is disabled, the router fails to properly sanitize the 'peerPin' input before it is used to construct a command that is executed with root privileges. This vulnerability can be exploited remotely, but authentication is required.

Impact

Exploitation of this vulnerability allows for arbitrary command execution with root privileges on the affected device.

Reproduction

To reproduce this vulnerability, first ensure that the WPS feature is disabled. Then, send a request to the '/boafrm/formWsc' endpoint, including a 'peerPin' value that is crafted to inject commands. The router will execute the injected commands with root privileges, demonstrating the command injection flaw.