TRENDnet TEW-651BR 安全漏洞

The TRENDnet TEW-651BR is a wireless router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12, which originates from the ptRuleApplicationName1.1.6.0.0 parameter in the /specialap.htm page...

TRENDnet TEW-651BR 安全漏洞

The TRENDnet TEW-651BR is a wireless router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12, which originates from a cross-site scripting vulnerability contained in the macListName1.1.1.0.0...

TRENDnet TEW-651BR 安全漏洞

The TRENDnet TEW-651BR is a wireless router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12, which originates from the firewallRuleName1.1.1.0.0 parameter on the /firewallsetting.htm page...

Trendnet TEW-820AP 安全漏洞

The TRENDnet TEW-820AP is a router from Trendnet, Inc. A security vulnerability exists in the Trendnet TEW-820AP version 1.01.B01, which stems from an insufficient validation of the ipv6 address, and a stack overflow vulnerability that allows an attacker to construct a payload for an attack...

CVE-2024-51188

CVE-2024-51188 affects TRENDnet TEW-651BR (2.04B1), TEW-652BRP (3.04b01), and TEW-652BRU (1.00b12). It is a Store XSS vulnerability triggered by the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. Root cause/impact: cross-site scripting may affect confidentiality an...

CVE-2024-51190

The CVE-2024-51190 entries describe a Store Cross-site scripting (XSS) vulnerability in TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12. The flaw stems from the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page, enabling XSS. Connected documents confirm ...

CVE-2024-51187

CVE-2024-51187 affects multiple Trendnet wireless routers: TEW-651BR (2.04B1), TEW-652BRP (3.04b01), and TEW-652BRU (1.00b12). The vulnerability is a store-based Cross-site Scripting (XSS) via the parameter firewallRule_Name_1.1.1.0.0 on the page /firewall_setting.htm. The root cause is an XSS fl...

CVE-2024-51189

TRENDnet TEW-651BR (2.04B1), TEW-652BRP (3.04b01), and TEW-652BRU (1.00b12) expose a Store XSS in the macList_Name_1.1.1.0.0 parameter on /filters.htm. Root cause not explicitly detailed beyond the XSS description. Public references (Red Hat advisory and PT Security notes) confirm the affected mo...

PT-2024-34554 · Trendnet · Trendnet Tew-652Brp +1

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-651BR version 2.04B1 TRENDnet TEW-652BRP version 3.04b01 TRENDnet TEW-652BRU version 1.00b12 Description: The issue concerns a Store Cross-site scripting XSS vulnerability. This vulnerability can be exploited via the firewallRule...

PT-2024-34386 · Trendnet · Trendnet Tew-820Ap

Name of the Vulnerable Software and Affected Versions: Trendnet TEW-820AP version 1.01.B01 Description: The issue is related to a stack overflow vulnerability in the boa httpd. Specifically, the vulnerability is found in the /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, and /boafrm/formDnsv6 API...

CVE-2024-51187

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting XSS vulnerability via the firewallRuleName1.1.1.0.0 parameter on the /firewallsetting.htm page...

CVE-2024-50667

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks...

PT-2024-34558 · Trendnet · Trendnet Tew-652Brp +1

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-651BR version 2.04B1 TRENDnet TEW-652BRP version 3.04b01 TRENDnet TEW-652BRU version 1.00b12 Description: The issue is related to a Store Cross-site scripting XSS vulnerability. This vulnerability can be exploited via the ptRule...

CVE-2024-50667

CVE-2024-50667 affects the Trendnet TEW-820AP (firmware 1.01.B01) where the Boa httpd has a stack overflow in the endpoints /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, and /boafrm/formDnsv6 due to insufficient validation of an IPv6 address. The vulnerability is described as allowing attackers to...

VulnCheck KEV: CVE-2023-0611

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file getset.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The...

VulnCheck KEV: CVE-2020-10215

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dnsqueryname parameter in a dnsquery.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...

CVE-2024-42813

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

CVE-2024-42813

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

CVE-2024-42813

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...

CVE-2024-42813

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...