Vendor CVEs
Trendnet
All CVEs
213 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-46581 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.nslookup_target parameter in the tools_nslookup function. | |||
| CVE-2022-46600 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function. | |||
| CVE-2022-46583 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reboot_type parameter in the wizard_ipv6 (sub_41C380) function. | |||
| CVE-2022-46590 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function. | |||
| CVE-2022-46601 | 0.00 | — | 0.01 | Dec 30, 2022 | TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function. | |||
| CVE-2022-44373 | 0.00 | — | 0.01 | Dec 7, 2022 | A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. | |||
| CVE-2022-38556 | 0.00 | — | 0.01 | Aug 28, 2022 | Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||
| CVE-2022-35203 | 0.00 | — | 0.02 | Aug 23, 2022 | An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | |||
| CVE-2022-33007 | 0.00 | — | 0.01 | Jun 27, 2022 | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. | |||
| CVE-2022-31873 | 0.00 | — | 0.01 | Jun 17, 2022 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | |||
| CVE-2022-31875 | 0.00 | — | 0.01 | Jun 17, 2022 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi. | |||
| CVE-2022-30329 | 0.00 | — | 0.02 | Jun 16, 2022 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. | |||
| CVE-2022-30326 | 0.00 | — | 0.00 | Jun 16, 2022 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | |||
| CVE-2022-30327 | 0.00 | — | 0.00 | Jun 16, 2022 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | |||
| CVE-2022-30328 | 0.00 | — | 0.00 | Jun 16, 2022 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | |||
| CVE-2022-30325 | 0.00 | — | 0.00 | Jun 16, 2022 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or… | |||
| CVE-2021-33317 | 0.00 | — | 0.01 | May 11, 2022 | The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to a failure to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet… | |||
| CVE-2021-33315 | 0.00 | — | 0.01 | May 11, 2022 | The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the… | |||
| CVE-2021-33316 | 0.00 | — | 0.01 | May 11, 2022 | The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the… | |||
| CVE-2021-20165 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them… | |||
| CVE-2021-20164 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page. | |||
| CVE-2021-20151 | 0.00 | — | 0.02 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a… | |||
| CVE-2021-20149 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via… | |||
| CVE-2021-20163 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page. | |||
| CVE-2021-20161 | 0.00 | — | 0.00 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given… | |||
| CVE-2021-20162 | 0.00 | — | 0.00 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext. | |||
| CVE-2021-20155 | 0.00 | — | 0.02 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678". | |||
| CVE-2021-20154 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. | |||
| CVE-2021-20153 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive… | |||
| CVE-2021-20152 | 0.00 | — | 0.01 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorrent web client by visiting: http://192.168.10.1:9091/transmission/web/ | |||
| CVE-2021-20156 | 0.00 | — | 0.00 | Dec 30, 2021 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done… | |||
| CVE-2021-28846 | 0.00 | — | 0.01 | Aug 10, 2021 | A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key… | |||
| CVE-2021-28845 | 0.00 | — | 0.01 | Aug 10, 2021 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action… | |||
| CVE-2021-28844 | 0.00 | — | 0.01 | Aug 10, 2021 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key. | |||
| CVE-2021-28843 | 0.00 | — | 0.01 | Aug 10, 2021 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name. | |||
| CVE-2021-28842 | 0.00 | — | 0.01 | Aug 10, 2021 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via action do_graph_auth… | |||
| CVE-2021-28841 | 0.00 | — | 0.01 | Aug 10, 2021 | Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a… | |||
| CVE-2021-31655 | 0.00 | — | 0.01 | Aug 10, 2021 | Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter in a GET request in view.cgi. | |||
| CVE-2021-32426 | 0.00 | — | 0.01 | Jun 17, 2021 | In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. | |||
| CVE-2021-32424 | 0.00 | — | 0.00 | Jun 17, 2021 | In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete… | |||
| CVE-2020-14074 | 0.00 | — | 0.02 | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long… | |||
| CVE-2020-14077 | 0.00 | — | 0.02 | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a… | |||
| CVE-2020-14078 | 0.00 | — | 0.02 | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. | |||
| CVE-2020-14079 | 0.00 | — | 0.02 | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name… | |||
| CVE-2020-14080 | 0.00 | — | 0.02 | Jun 15, 2020 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key. | |||
| CVE-2020-12763 | 0.00 | — | 0.03 | May 13, 2020 | TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long… | |||
| CVE-2020-10215 | 0.00 | — | 0.06 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||
| CVE-2020-10216 | 0.00 | — | 0.06 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||
| CVE-2020-10213 | 0.00 | — | 0.05 | Mar 7, 2020 | An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||
| CVE-2013-6360 | 0.00 | — | 0.01 | Feb 13, 2020 | TRENDnet TS-S402 has a backdoor to enable TELNET. |
Page 4 of 5