VYPR

TEW-824DRU

by Trendnet

CVEs (5)

  • CVE-2014-8579CriJan 5, 2018
    risk 0.64cvss 9.8epss 0.02

    TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.

  • CVE-2024-36728HigJun 3, 2024
    risk 0.53cvss 8.1epss 0.05

    TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.

  • CVE-2024-22545HigJan 26, 2024
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.

  • CVE-2024-36729MedJun 3, 2024
    risk 0.41cvss 6.3epss 0.05

    TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key.

  • CVE-2026-4354LowMar 18, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch…