Vendor CVEs
Trendnet
All CVEs
213 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-51189 | 0.00 | — | 0.00 | Nov 11, 2024 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. | |||
| CVE-2024-51188 | 0.00 | — | 0.00 | Nov 11, 2024 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. | |||
| CVE-2024-42813 | 0.00 | — | 0.01 | Aug 19, 2024 | In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | |||
| CVE-2024-37645 | 0.00 | — | 0.01 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . | |||
| CVE-2024-37641 | 0.00 | — | 0.01 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | |||
| CVE-2024-37644 | 0.00 | — | 0.00 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||
| CVE-2024-37643 | 0.00 | — | 0.01 | Jun 14, 2024 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . | |||
| CVE-2024-36728 | 0.00 | — | 0.05 | Jun 3, 2024 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key. | |||
| CVE-2024-36729 | 0.00 | — | 0.05 | Jun 3, 2024 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key. | |||
| CVE-2024-22546 | 0.00 | — | 0.01 | Apr 30, 2024 | TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. | |||
| CVE-2023-51148 | 0.00 | — | 0.01 | Mar 26, 2024 | An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component. | |||
| CVE-2023-51147 | 0.00 | — | 0.01 | Mar 26, 2024 | Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action. | |||
| CVE-2023-51146 | 0.00 | — | 0.01 | Mar 26, 2024 | Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action. | |||
| CVE-2024-28353 | 0.00 | — | 0.02 | Mar 15, 2024 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges. | |||
| CVE-2024-28354 | 0.00 | — | 0.02 | Mar 15, 2024 | There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges. | |||
| CVE-2023-51835 | 0.00 | — | 0.07 | Feb 1, 2024 | An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. | |||
| CVE-2024-0920 | 0.00 | — | 0.09 | Jan 26, 2024 | A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection.… | |||
| CVE-2024-22545 | 0.00 | — | 0.01 | Jan 26, 2024 | An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. | |||
| CVE-2023-51833 | 0.00 | — | 0.04 | Jan 25, 2024 | A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | |||
| CVE-2023-49236 | 0.00 | — | 0.01 | Jan 9, 2024 | A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci. | |||
| CVE-2023-49235 | 0.00 | — | 0.01 | Jan 9, 2024 | An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. | |||
| CVE-2023-0640 | 0.00 | — | 0.07 | Feb 2, 2023 | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The… | |||
| CVE-2023-0639 | 0.00 | — | 0.00 | Feb 2, 2023 | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The… | |||
| CVE-2023-0638 | 0.00 | — | 0.03 | Feb 2, 2023 | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to… | |||
| CVE-2023-0637 | 0.00 | — | 0.01 | Feb 2, 2023 | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely.… | |||
| CVE-2023-23120 | 0.00 | — | 0.00 | Feb 2, 2023 | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack… | |||
| CVE-2023-0618 | 0.00 | — | 0.01 | Feb 1, 2023 | A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit… | |||
| CVE-2023-0617 | 0.00 | — | 0.01 | Feb 1, 2023 | A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely.… | |||
| CVE-2023-0613 | 0.00 | — | 0.01 | Feb 1, 2023 | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be… | |||
| CVE-2023-0612 | 0.00 | — | 0.01 | Feb 1, 2023 | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The… | |||
| CVE-2023-0611 | 0.00 | — | 0.04 | Feb 1, 2023 | A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be… | |||
| CVE-2023-24098 | 0.00 | — | 0.01 | Jan 23, 2023 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability… | |||
| CVE-2023-24096 | 0.00 | — | 0.01 | Jan 23, 2023 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability… | |||
| CVE-2023-24097 | 0.00 | — | 0.01 | Jan 23, 2023 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This… | |||
| CVE-2023-24095 | 0.00 | — | 0.01 | Jan 23, 2023 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This… | |||
| CVE-2023-24099 | 0.00 | — | 0.01 | Jan 23, 2023 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This… | |||
| CVE-2022-47065 | 0.00 | — | 0.01 | Jan 23, 2023 | TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This… | |||
| CVE-2022-46593 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function. | |||
| CVE-2022-46588 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | |||
| CVE-2022-46584 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_deny (sub_415D7C) function. | |||
| CVE-2022-46591 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function. | |||
| CVE-2022-46582 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function. | |||
| CVE-2022-46592 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function. | |||
| CVE-2022-46589 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function. | |||
| CVE-2022-46596 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function. | |||
| CVE-2022-46599 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function. | |||
| CVE-2022-46585 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function. | |||
| CVE-2022-46580 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the user_edit_page parameter in the wifi_captive_portal function. | |||
| CVE-2022-46586 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function. | |||
| CVE-2022-46594 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function. |
- CVE-2024-51189Nov 11, 2024risk 0.00cvss —epss 0.00
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.
- CVE-2024-51188Nov 11, 2024risk 0.00cvss —epss 0.00
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
- CVE-2024-42813Aug 19, 2024risk 0.00cvss —epss 0.01
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
- CVE-2024-37645Jun 14, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .
- CVE-2024-37641Jun 14, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
- CVE-2024-37644Jun 14, 2024risk 0.00cvss —epss 0.00
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
- CVE-2024-37643Jun 14, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .
- CVE-2024-36728Jun 3, 2024risk 0.00cvss —epss 0.05
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.
- CVE-2024-36729Jun 3, 2024risk 0.00cvss —epss 0.05
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key.
- CVE-2024-22546Apr 30, 2024risk 0.00cvss —epss 0.01
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.
- CVE-2023-51148Mar 26, 2024risk 0.00cvss —epss 0.01
An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component.
- CVE-2023-51147Mar 26, 2024risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action.
- CVE-2023-51146Mar 26, 2024risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action.
- CVE-2024-28353Mar 15, 2024risk 0.00cvss —epss 0.02
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.
- CVE-2024-28354Mar 15, 2024risk 0.00cvss —epss 0.02
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.
- CVE-2023-51835Feb 1, 2024risk 0.00cvss —epss 0.07
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.
- CVE-2024-0920Jan 26, 2024risk 0.00cvss —epss 0.09
A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection.…
- CVE-2024-22545Jan 26, 2024risk 0.00cvss —epss 0.01
An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.
- CVE-2023-51833Jan 25, 2024risk 0.00cvss —epss 0.04
A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page.
- CVE-2023-49236Jan 9, 2024risk 0.00cvss —epss 0.01
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.
- CVE-2023-49235Jan 9, 2024risk 0.00cvss —epss 0.01
An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command.
- CVE-2023-0640Feb 2, 2023risk 0.00cvss —epss 0.07
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The…
- CVE-2023-0639Feb 2, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The…
- CVE-2023-0638Feb 2, 2023risk 0.00cvss —epss 0.03
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to…
- CVE-2023-0637Feb 2, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely.…
- CVE-2023-23120Feb 2, 2023risk 0.00cvss —epss 0.00
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack…
- CVE-2023-0618Feb 1, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit…
- CVE-2023-0617Feb 1, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely.…
- CVE-2023-0613Feb 1, 2023risk 0.00cvss —epss 0.01
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be…
- CVE-2023-0612Feb 1, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The…
- CVE-2023-0611Feb 1, 2023risk 0.00cvss —epss 0.04
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be…
- CVE-2023-24098Jan 23, 2023risk 0.00cvss —epss 0.01
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability…
- CVE-2023-24096Jan 23, 2023risk 0.00cvss —epss 0.01
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability…
- CVE-2023-24097Jan 23, 2023risk 0.00cvss —epss 0.01
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This…
- CVE-2023-24095Jan 23, 2023risk 0.00cvss —epss 0.01
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This…
- CVE-2023-24099Jan 23, 2023risk 0.00cvss —epss 0.01
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This…
- CVE-2022-47065Jan 23, 2023risk 0.00cvss —epss 0.01
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This…
- CVE-2022-46593Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function.
- CVE-2022-46588Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.
- CVE-2022-46584Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_deny (sub_415D7C) function.
- CVE-2022-46591Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function.
- CVE-2022-46582Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function.
- CVE-2022-46592Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function.
- CVE-2022-46589Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function.
- CVE-2022-46596Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function.
- CVE-2022-46599Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function.
- CVE-2022-46585Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function.
- CVE-2022-46580Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the user_edit_page parameter in the wifi_captive_portal function.
- CVE-2022-46586Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function.
- CVE-2022-46594Dec 30, 2022risk 0.00cvss —epss 0.01
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function.
Page 3 of 5