TEW-814DAP
by Trendnet
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0919 | 0.03 | — | 0.23 | Jan 26, 2024 | A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate… | |||
| CVE-2024-37642 | 0.02 | — | 0.11 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . | |||
| CVE-2024-37645 | 0.00 | — | 0.01 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . | |||
| CVE-2024-37644 | 0.00 | — | 0.00 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||
| CVE-2024-37641 | 0.00 | — | 0.01 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | |||
| CVE-2024-37643 | 0.00 | — | 0.01 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . | |||
| CVE-2024-22546 | 0.00 | — | 0.01 | Apr 30, 2024 | TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. |
- CVE-2024-0919Jan 26, 2024risk 0.03cvss —epss 0.23
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate…
- CVE-2024-37642Jun 14, 2024risk 0.02cvss —epss 0.11
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck .
- CVE-2024-37645Jun 14, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .
- CVE-2024-37644Jun 14, 2024risk 0.00cvss —epss 0.00
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- CVE-2024-37641Jun 14, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
- CVE-2024-37643Jun 14, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .
- CVE-2024-22546Apr 30, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.