Stack overflow

2020-06-1504:15:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.

CPENameOperatorVersion
tew-827dru_firmwareeq<= 2.6b4

CPE	Name	Operator	Version
	tew-827dru_firmware	eq	<= 2.6b4

References

github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf

github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/wifi_captive_portal_login_overflow.pdf