CVE-2024-22545

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub420AE0 function. The attack can be launched remotely...

CVE-2024-37643

TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth...

CVE-2024-37641

TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule...

CVE-2024-37645

TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog...

CVE-2024-37642

TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a command injection vulnerability via the ipv4ping, ipv6ping parameter at /formSystemCheck...

CVE-2024-37644

TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root...

CVE-2024-51188

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting XSS vulnerability via the vsRuleVirtualServerName1.1.10.0.0 parameter on the /virtualserver.htm page...

CVE-2024-51189

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting XSS vulnerability via the macListName1.1.1.0.0 parameter on the /filters.htm page...

CVE-2024-22546

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the dosetNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request...

CVE-2024-57590

TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntpsync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntpserver" passed to the "ntpsync.cgi" binary through a POST request...

CVE-2024-42813

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

CVE-2024-51187

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting XSS vulnerability via the firewallRuleName1.1.1.0.0 parameter on the /firewallsetting.htm page...

CVE-2024-51190

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting XSS vulnerability via the ptRuleApplicationName1.1.6.0.0 parameter on the /specialap.htm page...

CVE-2024-50667

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks...

CVE-2023-0611

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The...

CVE-2023-0639

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated...

CVE-2023-0613

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The...

CVE-2023-0638

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and ma...

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci...

CVE-2023-49237

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings...