Lucene search

MitreCVE-2019-13152

HistoryJul 02, 2019 - 1:15 p.m.

CVE-2019-13152

2019-07-0213:15:12

CWE-77

mitre

web.nvd.nist.gov

trendnet

tew-827dru

firmware

command injection

apply.cgi

authentication

ip address

add gaming rule

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

37.8%

JSON

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.

Affected configurations

Nvd

Node

trendnettew-827dru_firmwareRange<2.05b11

AND

trendnettew-827druMatch-

VendorProductVersionCPE
trendnettew-827dru_firmware*cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*
trendnettew-827dru-cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendnet	tew-827dru_firmware	*	cpe:2.3:o:trendnet:tew-827dru_firmware::::::::
trendnet	tew-827dru	-	cpe:2.3:h:trendnet:tew-827dru:-:::::::*

References

github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject678.jpg

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

37.8%

JSON

Related for CVE-2019-13152