The vulnerability of the do_setNTP() function in the POST Request Handler component of the Trendnet TEW-815DAP router’s microprogramming system allows a attacker to execute arbitrary commands.

🗓️ 31 Jan 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

The do_setNTP() vulnerability in the router POST handler enables command execution due to poor NtpDstStart and NtpDstEnd validation.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-0919	26 Jan 202410:31	–	circl
CNNVD	TRENDnet TEW-815DAP Command Injection Vulnerability	26 Jan 202400:00	–	cnnvd
CVE	CVE-2024-0919	26 Jan 202408:08	–	cve
Cvelist	CVE-2024-0919 TRENDnet TEW-815DAP POST Request do_setNTP command injection	26 Jan 202408:08	–	cvelist
NVD	CVE-2024-0919	26 Jan 202409:15	–	nvd
OSV	CVE-2024-0919	26 Jan 202409:15	–	osv
Prion	Command injection	26 Jan 202409:15	–	prion
Positive Technologies	PT-2024-1398 · Trendnet · Trendnet Tew-815Dap	26 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0919	4 Feb 202523:12	–	redhatcve
Vulnrichment	CVE-2024-0919 TRENDnet TEW-815DAP POST Request do_setNTP command injection	26 Jan 202408:08	–	vulnrichment

Vulners

Node

trendnet tew-815dapMatch1.0.2.0

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
warp-desk-89d	www.warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c
web	www.web.nvd.nist.gov/view/vuln/detail

31 Jan 2024 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 38.8

CVSS 29

EPSS0.22549

network time protocol router post handler remote command execution