Lucene search

[email protected]NVD:CVE-2023-51833

HistoryJan 25, 2024 - 10:15 p.m.

CVE-2023-51833

2024-01-2522:15:07

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-51833

command injection

trendnet tew-411brpplus

local attacker

arbitrary code

debug.cgi page

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.9%

JSON

A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page.

Affected configurations

NVD

Node

trendnettew-411brpplusMatch-

AND

trendnettew-411brpplus_firmwareMatch2.07_eu

References

warp-desk-89d.notion.site/TEW-411BRPplus-9bafe26e48964be3be12eab47f77203d

www.trendnet.com/support/support-detail.asp?prod=160_TEW-411BRPplus

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.9%

JSON

Related for NVD:CVE-2023-51833

cvelist1 cve1 prion1