Vulnerabilities related to trendnet - tew-827dru_firmware
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, contiene un fallo de seguridad en la interfaz web. HTTPS no est\u00e1 habilitado en el dispositivo por defecto. Esto resulta en una transmisi\u00f3n en texto sin cifrar de informaci\u00f3n confidencial, como las contrase\u00f1as." 
} ], "id": "CVE-2021-20154", "lastModified": "2024-11-21T05:46:01.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.800", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-319" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, almacena las credenciales en texto plano. Los nombres de usuario y las contrase\u00f1as se almacenan en texto plano en los archivos de configuraci\u00f3n del dispositivo. 
Por ejemplo, /etc/config/cameo contiene la contrase\u00f1a de administrador en texto plano.\n" } ], "id": "CVE-2021-20162", "lastModified": "2024-11-21T05:46:02.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.203", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TRENDnet TEW-827DRU anterior de 2.05B11. Hay una inyecci\u00f3n de comando en apply.cgi (aprovechable con identificaci\u00f3n) a trav\u00e9s de los puertos UDP para abrir en Agregar regla de juego" } ], "id": "CVE-2019-13148", "lastModified": "2024-11-21T04:24:18.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen m\u00faltiples inyecciones de comandos en el archivo apply.cgi por medio de la acci\u00f3n pppoe_connect, ru_pppoe_connect o dhcp_connect en la clave wan_ifname (o wan0_dns), permitiendo a un usuario autenticado ejecutar comandos arbitrarios en el dispositivo" } ], "id": "CVE-2020-14075", "lastModified": "2024-11-21T05:02:34.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": 
"HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. 
El desbordamiento permite a un usuario autenticado ejecutar c\u00f3digo arbitrario en la funci\u00f3n POSTing en el archivo apply_sec.cgi por medio de la acci\u00f3n auto_up_fw (o auto_up_lp) con una clave de update_file_name lo suficientemente larga" } ], "id": "CVE-2020-14079", "lastModified": "2024-11-21T05:02:35.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.610", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_lp.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_fw_overflow.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_lp_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_lp.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_fw_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_lp_overflow.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-10 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368", "versionEndIncluding": "2.04b03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." }, { "lang": "es", "value": "El dispositivo TEW-827DRU hasta la versi\u00f3n de firmware 2.04B03 e incluida de TRENDnet, contiene m\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria al procesar la entrada del usuario para el asistente de configuraci\u00f3n, lo que permite a un usuario no autenticado ejecutar c\u00f3digo arbitrario. La vulnerabilidad se puede ejercer en la intranet local o remotamente, si la administraci\u00f3n remota est\u00e1 habilitada." 
} ], "id": "CVE-2019-13279", "lastModified": "2024-11-21T04:24:36.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-10T17:15:12.710", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the device's filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include \"config\", \"downloads\", and \"torrents\", though it should be noted that \"downloads\" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, contiene una vulnerabilidad de symlink en la funcionalidad bittorrent. Si est\u00e1 habilitada, la funcionalidad de bittorrent es vulnerable a un ataque de enlace simb\u00f3lico que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo remota en el dispositivo. Si un usuario final inserta una unidad flash con un enlace simb\u00f3lico malicioso en el que el cliente bittorrent puede escribir descargas, entonces un usuario es capaz de descargar archivos arbitrarios en cualquier ubicaci\u00f3n deseada en el sistema de archivos del dispositivo, lo que podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo remota. 
Ejemplos de directorios vulnerables a esto incluyen \"config\", \"downloads\", y \"torrents\", aunque debe notarse que \"downloads\" es el \u00fanico vector que permite la descarga de archivos arbitrarios a ubicaciones arbitrarias.\n" } ], "id": "CVE-2021-20153", "lastModified": "2024-11-21T05:46:01.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.753", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-10 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368", "versionEndIncluding": "2.04b03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." }, { "lang": "es", "value": "El dispositivo TEW-827DRU hasta la versi\u00f3n de firmware 2.04B03 e incluida de TRENDnet, contiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. El desbordamiento permite a un usuario no identificado ejecutar c\u00f3digo arbitrario proporcionando una cadena de consulta suficientemente larga durante el POSTing de cualquier archivo cgi, txt, asp o js v\u00e1lido. La vulnerabilidad puede ser ejercida en la intranet local o remotamente, si la administraci\u00f3n remota est\u00e1 habilitada." 
} ], "id": "CVE-2019-13276", "lastModified": "2024-11-21T04:24:36.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-10T17:15:12.337", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.
References
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, es vulnerable a una inyecci\u00f3n de comandos. La funcionalidad system log del firmware permite una inyecci\u00f3n de comandos como root al suministrar un par\u00e1metro malformado." } ], "id": "CVE-2021-20159", "lastModified": "2024-11-21T05:46:02.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.060", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.
References
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, filtra informaci\u00f3n por medio de la p\u00e1gina web ftp. Los nombres de usuario y las contrase\u00f1as de todos los usuarios de ftp se revelan en texto plano en la p\u00e1gina ftpserver.asp." } ], "id": "CVE-2021-20163", "lastModified": "2024-11-21T05:46:02.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.260", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. 
El desbordamiento permite a un usuario autenticado ejecutar c\u00f3digo arbitrario en la funci\u00f3n POSTing en el archivo apply.cgi por medio de la acci\u00f3n set_sta_enrollee_pin_wifi1 (o set_sta_enrollee_pin_wifi0) con una clave de wps_sta_enrollee_pin lo suficientemente larga" } ], "id": "CVE-2020-14077", "lastModified": "2024-11-21T05:02:35.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/set_sta_enrollee_pin_wifi_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/set_sta_enrollee_pin_wifi_overflow.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-09 21:15
Modified
2024-11-21 04:24
Severity ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368", "versionEndIncluding": "2.04b03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled." }, { "lang": "es", "value": "El dispositivo TEW-827DRU con firmware hasta 2.04B03 e incluido de TRENDnet, permite a un atacante no identificado ejecutar la funcionalidad del asistente de configuraci\u00f3n, lo que ofrece la capacidad de cambiar los valores de configuraci\u00f3n, conllevando potencialmente a una denegaci\u00f3n de servicio. La petici\u00f3n puede ser realizada en la intranet local o remotamente si la administraci\u00f3n remota est\u00e1 habilitada." 
} ], "id": "CVE-2019-13277", "lastModified": "2024-11-21T04:24:36.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-09T21:15:10.973", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. 
El desbordamiento permite a un usuario no autenticado ejecutar c\u00f3digo arbitrario en la funci\u00f3n POSTing en el archivo apply_sec.cgi por medio de la acci\u00f3n ping_test con una clave de ping_ipaddr lo suficientemente larga" } ], "id": "CVE-2020-14080", "lastModified": "2024-11-21T05:02:36.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.690", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_overflow.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TEW-827DRU anterior a versi\u00f3n 2.05B11 de TRENDnet. Se presenta una inyecci\u00f3n de comandos en el archivo apply.cgi (explotable con autenticaci\u00f3n) por medio del puerto privado en Add Virtual Server." 
} ], "id": "CVE-2019-13153", "lastModified": "2024-11-21T04:24:18.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.540", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated "check for updates" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate.
References
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated \"check for updates\" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, contiene una configuraci\u00f3n de control de acceso inapropiada que podr\u00eda permitir una actualizaci\u00f3n de firmware maliciosa. Es posible instalar manualmente firmware que puede ser de naturaleza maliciosa, ya que no parece haber ninguna comprobaci\u00f3n de firma realizada para determinar si es de una fuente conocida y confiable. Esto incluye las actualizaciones de firmware que se realizan por medio de la \"check for updates\" automatizada en la interfaz de administraci\u00f3n. 
Si un atacante es capaz de hacerse pasar por el servidor de actualizaciones, el dispositivo no verificar\u00e1 que las actualizaciones de firmware descargadas son leg\u00edtimas.\n" } ], "id": "CVE-2021-20156", "lastModified": "2024-11-21T05:46:01.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.893", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement CSRF protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token through some other method is possible).
References
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible)." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, no implementa correctamente las protecciones csrf. La mayor\u00eda de las p\u00e1ginas carecen de un uso adecuado de las protecciones o mitigaciones de CSRF. 
Adem\u00e1s, las p\u00e1ginas que hacen uso de tokens CSRF son trivialmente evitables ya que el servidor no parece comprobarlos apropiadamente (es decir, es posible reusar un token antiguo o encontrar el token a trav\u00e9s de alg\u00fan otro m\u00e9todo).\n" } ], "id": "CVE-2021-20165", "lastModified": "2024-11-21T05:46:02.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.363", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.
References
Source | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funcionalidad smb del dispositivo. El par\u00e1metro username usado cuando es configurada la funcionalidad smb para el dispositivo es vulnerable a una inyecci\u00f3n de comandos como root.\n" } ], "id": "CVE-2021-20160", "lastModified": "2024-11-21T05:46:02.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.113", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TRENDnet TEW-827DRU antes de 2.05B11. Hay una inyecci\u00f3n de comando en apply.cgi (aprovechable con identificaci\u00f3n) a trav\u00e9s de la clave de acceso en Configuraci\u00f3n de RIP del Router." 
} ], "id": "CVE-2019-13149", "lastModified": "2024-11-21T04:24:18.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset governing access to services on the device applies only to IPv4. All services running on the device are accessible via the WAN interface over IPv6 by default.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, no presenta suficientes controles de acceso para la interfaz WAN. El conjunto de reglas iptables por defecto para gobernar el acceso a los servicios en el dispositivo s\u00f3lo se aplica a IPv4. 
Todos los servicios que son ejecutados en los dispositivos son accesibles por medio de la interfaz WAN por medio de IPv6 por defecto.\n" } ], "id": "CVE-2021-20149", "lastModified": "2024-11-21T05:46:00.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.580", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. 
El desbordamiento permite a un usuario autenticado ejecutar c\u00f3digo arbitrario en la funci\u00f3n POSTing en el archivo apply_sec.cgi por medio de la acci\u00f3n kick_ban_wifi_mac_allow con una clave de qcawifi.wifi0_vap0.maclist lo suficientemente larga" } ], "id": "CVE-2020-14074", "lastModified": "2024-11-21T05:02:33.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/kick_ban_wifi_mac_allow_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/kick_ban_wifi_mac_allow_overflow.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force the change of the admin password due to a hidden administrative command.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Es posible que un actor malicioso no autenticado fuerce el cambio de la contrase\u00f1a de administrador debido a un comando administrativo oculto.\n" } ], "id": "CVE-2021-20158", "lastModified": "2024-11-21T05:46:02.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.990", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-09 19:15
Modified
2024-11-21 04:24
Severity ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368", "versionEndIncluding": "2.04b03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled." }, { "lang": "es", "value": "El dispositivo TEW-827DRU con firmware hasta 2.04B03 e incluido de TRENDnet, contiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria mientras se devuelve un mensaje de error al usuario sobre el fallo para resolver un nombre de host durante un intento ping o traceroute. Esto permite a un usuario identificado ejecutar c\u00f3digo arbitrario. La explotaci\u00f3n puede ser ejercida en la intranet local o remotamente si la administraci\u00f3n remota est\u00e1 habilitada." 
} ], "id": "CVE-2019-13280", "lastModified": "2024-11-21T04:24:36.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-09T19:15:12.437", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, no presenta suficientes protecciones para la funcionalidad UART. Un actor malicioso con acceso f\u00edsico al dispositivo es capaz de conectarse al puerto UART por medio de una conexi\u00f3n serial. 
No se requiere ning\u00fan nombre de usuario o contrase\u00f1a y el usuario recibe un shell de root con control total del dispositivo.\n" } ], "id": "CVE-2021-20161", "lastModified": "2024-11-21T05:46:02.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.157", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" }, { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, revela incorrectamente las credenciales para la funcionalidad smb del dispositivo. Los nombres de usuario y las contrase\u00f1as de todos los usuarios smb se revelan en texto plano en la p\u00e1gina smbserver.asp." 
} ], "id": "CVE-2021-20164", "lastModified": "2024-11-21T05:46:02.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:09.317", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TEW-827DRU anterior a la versi\u00f3n 2.05B11 de TRENDnet. Presenta una inyecci\u00f3n de comando en el archivo apply.cgi (explotable con autenticaci\u00f3n) por medio de la acci\u00f3n set_sta_enrollee_pin_5g y la clave wps_sta_enrollee_pin." 
} ], "id": "CVE-2019-13151", "lastModified": "2024-11-21T04:24:18.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.307", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TEW-827DRU anterior a versi\u00f3n 2.05B11 de TRENDnet. Se presenta una inyecci\u00f3n de comandos en el archivo apply.cgi (explotable con autenticaci\u00f3n) por medio de los puertos TCP para abrir en Add Gaming Rule." 
} ], "id": "CVE-2019-13154", "lastModified": "2024-11-21T04:24:19.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity 9.8 (Critical) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to back up and restore device configurations via the management web interface. These configuration backups are encrypted using a hardcoded password of "12345678", so the encryption does not protect a backup file's contents from anyone who obtains the file.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of \"12345678\"." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, usa credenciales embebidas. Es posible hacer una copia de seguridad y restaurar las configuraciones del dispositivo por medio de la interfaz web de administraci\u00f3n. Estos dispositivos est\u00e1n encriptados usando una contrase\u00f1a embebida de \"12345678\"." 
} ], "id": "CVE-2021-20155", "lastModified": "2024-11-21T05:46:01.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.847", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity 7.5 (High) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | - | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7ED82-21A9-435F-B092-7AAFA135FE22", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command." }, { "lang": "es", "value": "Es posible que un usuario malicioso no autenticado fuerce el reinicio del dispositivo debido a un comando administrativo oculto." } ], "id": "CVE-2021-20157", "lastModified": "2024-11-21T05:46:01.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.940", "references": [ { 
"source": "vulnreport@tenable.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity 8.8 (High) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. 
El desbordamiento permite a un usuario autenticado ejecutar c\u00f3digo arbitrario en la funci\u00f3n POSTing en el archivo apply_sec.cgi por medio de la acci\u00f3n wifi_captive_portal_login con una clave de REMOTE_ADDR lo suficientemente larga" } ], "id": "CVE-2020-14078", "lastModified": "2024-11-21T05:02:35.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.533", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity 5.3 (Medium) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Mitigation, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, revela inapropiadamente informaci\u00f3n por medio de la redirecci\u00f3n del asistente de configuraci\u00f3n. La autenticaci\u00f3n puede ser omitida y un usuario puede visualizar la informaci\u00f3n como administrador al navegar manualmente al asistente de configuraci\u00f3n y forzarlo a redirigir a la p\u00e1gina deseada." 
} ], "id": "CVE-2021-20150", "lastModified": "2024-11-21T05:46:01.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.623", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity 6.5 (Medium) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication for the BitTorrent functionality. If it is enabled, anyone can view and modify settings and files through the BitTorrent web client by visiting: http://192.168.10.1:9091/transmission/web/
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/" }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, carece de la autenticaci\u00f3n apropiada para la funcionalidad bittorrent. Si est\u00e1 habilitada, cualquiera puede visitar y modificar la configuraci\u00f3n y los archivos por medio del cliente web de Bittorent al visitar: http://192.168.10.1:9091/transmission/web/\n" } ], "id": "CVE-2021-20152", "lastModified": "2024-11-21T05:46:01.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", 
"integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.713", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 13:15
Modified
2024-11-21 05:02
Severity 8.8 (High) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. 
El desbordamiento permite a un usuario autenticado ejecutar c\u00f3digo arbitrario en la funci\u00f3n POSTing en el archivo apply.cgi por medio de la acci\u00f3n st_dev_connect, st_dev_disconnect o st_dev_rconnect en la clave wan_type lo suficientemente larga" } ], "id": "CVE-2020-14076", "lastModified": "2024-11-21T05:02:35.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T13:15:09.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_connect_overflow.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_disconnect_overflow.pdf" }, { "source": 
"cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_rconnect_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_connect_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_disconnect_overflow.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_rconnect_overflow.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity 8.8 (High) — CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TEW-827DRU anterior a versi\u00f3n 2.05B11 de TRENDnet. Presenta una inyecci\u00f3n de comando en el archivo apply.cgi (explotable con autenticaci\u00f3n) por medio de la direcci\u00f3n IP en Add Gaming Rule." 
} ], "id": "CVE-2019-13152", "lastModified": "2024-11-21T04:24:18.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.430", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-15 04:15
Modified
2024-11-21 05:02
Severity 8.8 (High) — CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF225D0-9D58-4789-AE34-A3281538509D", "versionEndIncluding": "2.06b04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device." }, { "lang": "es", "value": "Los dispositivos TRENDnet TEW-827DRU versiones hasta 2.06B04, contienen m\u00faltiples inyecciones de comandos en el archivo apply.cgi por medio de la acci\u00f3n send_log_email en la clave auth_acname (o auth_passwd), permitiendo a un usuario autenticado ejecutar comandos arbitrarios en el dispositivo" } ], "id": "CVE-2020-14081", "lastModified": "2024-11-21T05:02:36.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-15T04:15:13.783", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity 8.8 (High) — CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TEW-827DRU anterior a versi\u00f3n 2.05B11 de TRENDnet. Se presenta una inyecci\u00f3n de comandos en el archivo apply.cgi (explotable con autenticaci\u00f3n) por medio de la direcci\u00f3n IP en Add Virtual Server." 
} ], "id": "CVE-2019-13155", "lastModified": "2024-11-21T04:24:19.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-10 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368", "versionEndIncluding": "2.04b03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." }, { "lang": "es", "value": "El dispositivo TEW-827DRU hasta la versi\u00f3n de firmware 2.04B03 e incluida de TRENDnet, contiene m\u00faltiples inyecciones de comandos al procesar la entrada del usuario para el asistente de configuraci\u00f3n, lo que permite a un usuario no identificado ejecutar comandos arbitrarios en el dispositivo. La vulnerabilidad se puede ejercer en la intranet local o remotamente, si la administraci\u00f3n remota est\u00e1 habilitada." 
} ], "id": "CVE-2019-13278", "lastModified": "2024-11-21T04:24:36.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-10T17:15:12.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-02 13:15
Modified
2024-11-21 04:24
Severity ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | * | |
trendnet | tew-827dru | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D428A57C-BDA5-4E0D-A922-7A923DD48717", "versionEndExcluding": "2.05b11", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*", "matchCriteriaId": "4079F0DD-CD82-4315-934F-3F49F9823760", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr." }, { "lang": "es", "value": "Se detect\u00f3 un problema en el firmware TRENDnet TEW-827DRU anterior de 2.05B11. Hay una inyecci\u00f3n de comando en apply.cgi (aprovechable con identificaci\u00f3n). El comando de inyecci\u00f3n existe en la clave ip_addr." 
} ], "id": "CVE-2019-13150", "lastModified": "2024-11-21T04:24:18.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-02T13:15:12.227", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-30 22:15
Modified
2024-11-21 05:46
Severity ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over the original IP address of the original user's session.
References
▼ | URL | Tags | |
---|---|---|---|
vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-54 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
trendnet | tew-827dru_firmware | 2.08b01 | |
trendnet | tew-827dru | 2.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:2.08b01:*:*:*:*:*:*:*", "matchCriteriaId": "9C008C1E-18D3-4A0C-97A1-89009310C55B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router\u0027s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user\u0027s session." }, { "lang": "es", "value": "Trendnet AC2600 TEW-827DRU versi\u00f3n 2.08B01, contiene un fallo en la administraci\u00f3n de sesiones del dispositivo. El software de administraci\u00f3n del router administra las sesiones web bas\u00e1ndose en la direcci\u00f3n IP en lugar de verificar las cookies/tokens de sesi\u00f3n del cliente/etc. Esto permite a un atacante (ya sea desde un ordenador diferente, un navegador web distinto en la misma m\u00e1quina, etc.) hacerse con una sesi\u00f3n existente. 
Esto requiere que el atacante sea capaz de falsificar o tomar la direcci\u00f3n IP original de la sesi\u00f3n del usuario original.\n" } ], "id": "CVE-2021-20151", "lastModified": "2024-11-21T05:46:01.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-30T22:15:08.670", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-384" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2019-13151
Vulnerability from cvelistv5
Published
2019-07-02 12:16
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:16:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13151", "datePublished": "2019-07-02T12:16:48", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20152
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the BitTorrent web client by visiting: http://192.168.10.1:9091/transmission/web/
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/" } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:05", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. 
If enabled, anyone is able to visit and modify settings and files via the Bittorent web client by visiting: http://192.168.10.1:9091/transmission/web/" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20152", "datePublished": "2021-12-30T21:31:05", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14074
Vulnerability from cvelistv5
Published
2020-06-15 03:37
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/kick_ban_wifi_mac_allow_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:37:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/kick_ban_wifi_mac_allow_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/kick_ban_wifi_mac_allow_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/kick_ban_wifi_mac_allow_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14074", "datePublished": "2020-06-15T03:37:08", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:32:14.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20158
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force the change of the admin password due to a hidden administrative command.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.626Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command." } ], "problemTypes": [ { "descriptions": [ { "description": "Authentication Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:03", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authentication Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20158", "datePublished": "2021-12-30T21:31:03", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20160
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root." } ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:08", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20160", "datePublished": "2021-12-30T21:31:08", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13278
Vulnerability from cvelistv5
Published
2019-07-10 16:23
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:24.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-10T16:23:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13278", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. 
The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278", "refsource": "MISC", "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13278", "datePublished": "2019-07-10T16:23:37", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:24.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20159
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:04", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20159", "datePublished": "2021-12-30T21:31:04", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14080
Vulnerability from cvelistv5
Published
2020-06-15 03:36
Modified
2024-08-04 12:39
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:35.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_overflow.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:36:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_overflow.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14080", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a 
stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_overflow.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14080", "datePublished": "2020-06-15T03:36:27", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20156
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated "check for updates" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated \"check for updates\" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:02", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if it is from a known and trusted source. This includes firmware updates that are done via the automated \"check for updates\" in the admin interface. If an attacker is able to masquerade as the update server, the device will not verify that the firmware updates downloaded are legitimate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20156", "datePublished": "2021-12-30T21:31:02", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13277
Vulnerability from cvelistv5
Published
2019-07-09 20:28
Modified
2024-08-04 23:49
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:23.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-09T20:28:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13277", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. 
The request can be made on the local intranet or remotely if remote administration is enabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277", "refsource": "MISC", "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13277" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13277", "datePublished": "2019-07-09T20:28:49", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:23.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13152
Vulnerability from cvelistv5
Published
2019-07-02 12:16
Modified
2024-08-04 23:41
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:16:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13152", "datePublished": "2019-07-02T12:16:58", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14076
Vulnerability from cvelistv5
Published
2020-06-15 12:46
Modified
2024-08-04 12:32
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_connect_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_disconnect_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_rconnect_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T12:46:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_connect_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_disconnect_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_rconnect_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_connect_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_connect_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_disconnect_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_disconnect_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_rconnect_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/st_dev_rconnect_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14076", "datePublished": "2020-06-15T12:46:46", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:32:14.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14075
Vulnerability from cvelistv5
Published
2020-06-15 03:36
Modified
2024-08-04 12:32
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.710Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:36:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14075", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 
contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14075", "datePublished": "2020-06-15T03:36:58", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:32:14.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20165
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement CSRF protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token through some other method is possible).
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible)." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross site request forgery", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:14", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. 
Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross site request forgery" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20165", "datePublished": "2021-12-30T21:31:14", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13149
Vulnerability from cvelistv5
Published
2019-07-02 12:16
Modified
2024-08-04 23:41
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:16:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13149", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject2.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13149", "datePublished": "2019-07-02T12:16:23", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20154
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Summary
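Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. Note that the CNA record below labels the problem type "Improper Access Control"; the weakness actually described is cleartext transmission of sensitive information (CWE-319), so filtering by the problem-type text alone will misclassify this entry.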
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:06", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20154", "datePublished": "2021-12-30T21:31:06", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14081
Vulnerability from cvelistv5
Published
2020-06-15 03:36
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:35.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:36:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14081", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14081", "datePublished": "2020-06-15T03:36:16", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20161
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:09", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. 
No username or password is required and the user is given a root shell with full control of the device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20161", "datePublished": "2021-12-30T21:31:09", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13154
Vulnerability from cvelistv5
Published
2019-07-02 12:17
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.477Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:17:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13154", "datePublished": "2019-07-02T12:17:14", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20155
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to back up and restore device configurations via the management web interface. These devices' configuration backups are encrypted using a hardcoded password of "12345678", so the encryption does not protect a backup file from anyone who knows that password.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of \"12345678\"." } ], "problemTypes": [ { "descriptions": [ { "description": "Hardcoded Credentials", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:07", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of \"12345678\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Hardcoded Credentials" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20155", "datePublished": "2021-12-30T21:31:07", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13150
Vulnerability from cvelistv5
Published
2019-07-02 12:16
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:16:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13150", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13150", "datePublished": "2019-07-02T12:16:37", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20149
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset governing access to services on the device applies only to IPv4, so it does not filter IPv6 traffic. As a result, all services running on the device are accessible from the WAN interface over IPv6 by default.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:11", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20149", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20149", "datePublished": "2021-12-30T21:31:11", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20162
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Trendnet AC2600 TEW-827DRU |
Version: 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Credential Storage", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:09", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Credential Storage" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20162", "datePublished": "2021-12-30T21:31:09", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13276
Vulnerability from cvelistv5
Published
2019-07-10 16:19
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:24.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-10T16:19:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. 
The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276", "refsource": "MISC", "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13276", "datePublished": "2019-07-10T16:19:06", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:24.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14079
Vulnerability from cvelistv5
Published
2020-06-15 03:36
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:35.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_fw_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_lp.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_lp_overflow.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:36:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_fw_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_lp.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_lp_overflow.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_fw_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_fw_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_lp.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_lp.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_lp_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/auto_up_lp_overflow.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14079", "datePublished": "2020-06-15T03:36:34", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13148
Vulnerability from cvelistv5
Published
2019-07-02 12:16
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:16:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13148", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13148", "datePublished": "2019-07-02T12:16:16", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20153
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the device's filesystem, which could lead to remote code execution. Example directories vulnerable to this include "config", "downloads", and "torrents", though it should be noted that "downloads" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include \"config\", \"downloads\", and \"torrents\", though it should be noted that \"downloads\" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations." 
} ], "problemTypes": [ { "descriptions": [ { "description": "UNIX Symbolic Link Following", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:06", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious symlink on it that the bittorrent client can write downloads to, then a user is able to download arbitrary files to any desired location on the devices filesystem, which could lead to remote code execution. Example directories vulnerable to this include \"config\", \"downloads\", and \"torrents\", though it should be noted that \"downloads\" is the only vector that allows for arbitrary files to be downloaded to arbitrary locations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNIX Symbolic Link Following" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20153", "datePublished": "2021-12-30T21:31:06", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20150
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:12", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20150", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20150", "datePublished": "2021-12-30T21:31:12", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14077
Vulnerability from cvelistv5
Published
2020-06-15 03:36
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:35.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/set_sta_enrollee_pin_wifi_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:36:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/set_sta_enrollee_pin_wifi_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14077", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/set_sta_enrollee_pin_wifi_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/set_sta_enrollee_pin_wifi_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14077", "datePublished": "2020-06-15T03:36:50", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-14078
Vulnerability from cvelistv5
Published
2020-06-15 03:36
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:39:35.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T03:36:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet 
TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf" }, { "name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf", "refsource": "MISC", "url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14078", "datePublished": "2020-06-15T03:36:43", "dateReserved": "2020-06-15T00:00:00", "dateUpdated": "2024-08-04T12:39:35.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13155
Vulnerability from cvelistv5
Published
2019-07-02 12:17
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:17:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13155", "datePublished": "2019-07-02T12:17:36", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13280
Vulnerability from cvelistv5
Published
2019-07-09 18:44
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:24.068Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-09T18:44:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13280", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. 
This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280", "refsource": "MISC", "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13280", "datePublished": "2019-07-09T18:44:23", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:24.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20164
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:13", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20164", "datePublished": "2021-12-30T21:31:13", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13279
Vulnerability from cvelistv5
Published
2019-07-10 16:27
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
References
▼ | URL | Tags |
---|---|---|
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:23.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-10T16:27:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13279", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279", "refsource": "MISC", "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13279", "datePublished": "2019-07-10T16:27:52", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:23.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20151
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over the original IP address of the original user's session.
References
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router\u0027s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user\u0027s session." } ], "problemTypes": [ { "descriptions": [ { "description": "Authentication bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:12", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. 
The router\u0027s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user\u0027s session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authentication bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20151", "datePublished": "2021-12-30T21:31:12", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20163
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.
References
URL | Tags |
---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:10", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20163", "datePublished": "2021-12-30T21:31:10", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13153
Vulnerability from cvelistv5
Published
2019-07-02 12:17
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
References
URL | Tags |
---|---|
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T12:17:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg", "refsource": "MISC", "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject45.jpg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13153", "datePublished": "2019-07-02T12:17:06", "dateReserved": "2019-07-02T00:00:00", "dateUpdated": "2024-08-04T23:41:10.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20157
Vulnerability from cvelistv5
Published
2021-12-30 21:31
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.
References
URL | Tags |
---|---|
https://www.tenable.com/security/research/tra-2021-54 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | Trendnet AC2600 TEW-827DRU | 2.08B01 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trendnet AC2600 TEW-827DRU", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.08B01" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-30T21:31:03", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2021-54" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2021-20157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trendnet AC2600 TEW-827DRU", "version": { "version_data": [ { "version_value": "2.08B01" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2021-54", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2021-54" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2021-20157", "datePublished": "2021-12-30T21:31:03", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:30:07.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }