Unrated severityNVD Advisory· Published Jun 15, 2020· Updated Aug 4, 2024
CVE-2020-14075
CVE-2020-14075
Description
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
Affected products
2- TRENDnet/TEW-827DRUdescription
- Range: <=2.06B04
Patches
Vulnerability mechanics
References
2- github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdfmitrex_refsource_MISC
- github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/dhcp_connect_command.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.