TRENDnet TEW-824DRU 代码注入漏洞

TRENDnet TEW-824DRU is a dual-band wireless router produced by TRENDnet Corporation. Both versions of the TRENDnet TEW-824DRU, 1.010B01 and 1.04B01, contain a code injection vulnerability. This vulnerability stems from improper handling of the Language parameter in the sub420A78 function within t...

CVE-2026-4354 TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...

CVE-2026-4354

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...

CVE-2026-4354 TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...

CVE-2026-4354

Summary of CVE-2026-4354 : TRENDnet TEW-824DRU devices (firmware versions 1.010B01/1.04B01) are affected. The vulnerability resides in the Web Interface component, specifically the function sub_420A78 in apply_sec.cgi, where manipulating the Language argument enables cross-site scripting (XSS). T...

PT-2026-25964

A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub 420A78 of the file apply sec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely...

EUVD-2026-12218

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

CVE-2026-4172

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

TRENDnet TEW-632BRP 安全漏洞

The TRENDnet TEW-632BRP is a wireless router from TRENDnet. A buffer overflow vulnerability exists in the TRENDnet TEW-632BRP. The vulnerability is caused due to a lack of bounds checking in the user-controlled pingipadder parameter in the HTTP POST request handler of the /pingresponse.cgi...

CVE-2026-4172 TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

CVE-2026-4172 TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

CVE-2026-4172

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

CVE-2026-4172

The CVE describes a stack-based overflow in TRENDnet TEW-632BRP (1.010B32) within the HTTP POST Request Handler, specifically the /ping_response.cgi file. The issue stems from manipulating the ping_ipaddr argument in this handler, enabling a remote exploit. Public exploitation exists according to...

PT-2026-25545

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

VulnCheck KEV: CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...

TRENDnet TEW-811DRU Operating System Command Injection Vulnerability

The TRENDnet TEW-811DRU is a wireless router from TRENDnet. The TRENDnet TEW-811DRU suffers from an operating system command injection vulnerability that stems from a misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause...

TRENDnet TEW-713RE Operating System Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from an operating system command injection vulnerability due to manipulation of the SZCMD parameter in an unknown function in the /goformX/formFSrvX file. An attacker could exploit the...

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the parameter WizardConfigured in the file /goform/wizardset, which can be exploited by an attacker to execute arbitrary...

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the function subF934 in the file NTPSyncWithHost.cgi, which can be exploited by an attacker to execute arbitrary command...