Lucene search

[email protected]CVE-2024-22545

HistoryJan 26, 2024 - 8:15 a.m.

CVE-2024-22545

2024-01-2608:15:42

CWE-77

[email protected]

web.nvd.nist.gov

cve-2024-22545

trendnet

tew-824dru

version 1.04b01

command injection

vulnerability

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.

Affected configurations

NVD

Node

trendnettew-824dru_firmwareMatch1.04b01

AND

trendnettew-824druMatch-

CPENameOperatorVersion
trendnet:tew-824dru_firmwaretrendnet tew-824dru firmwareeq1.04b01

CPE	Name	Operator	Version
trendnet:tew-824dru_firmware	trendnet tew-824dru firmware	eq	1.04b01

References

warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2024-22545

prion1 nvd1 cvelist1