CVE-2024-0919

CVE-2024-0919 affects TRENDnet TEW-815DAP v1.0.2.0. The vulnerability resides in the POST Request Handler’s do_setNTP function; manipulation of the NtpDstStart/NtpDstEnd parameters enables remote command injection. Public exploit exists. Impact is described as critical. Interim mitigations from P...

CVE-2024-0919 TRENDnet TEW-815DAP POST Request do_setNTP command injection

A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function dosetNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely...

CVE-2024-0918 TRENDnet TEW-800MB POST Request os command injection

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

CVE-2024-0918

TRENDnet TEW-800MB (version 1.0.1.0) contains a vulnerability in the POST Request Handler. Manipulating the DeviceURL argument leads to operating system command injection, which can be exploited remotely. The exploit has been publicly disclosed. Some sources describe a remediation approach: restr...

CVE-2024-0918 TRENDnet TEW-800MB POST Request os command injection

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...

PT-2024-1406 · Trendnet · Trendnet Tew-824Dru

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-824DRU version 1.04b01 Description: An issue in the TRENDnet TEW-824DRU allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub 420AE0 function. The attack can be launched remotel...

CVE-2024-22545

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub420AE0 function. The attack can be launched remotely...

PT-2024-1398 · Trendnet · Trendnet Tew-815Dap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-815DAP version 1.0.2.0 Description: A critical issue affects the do setNTP function of the POST Request Handler component. The manipulation of the NtpDstStart/NtpDstEnd argument leads to command injection, allowing remote attacke...

TRENDnet TEW-800MB Security Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from Trendnet, Inc. A security vulnerability exists in the TRENDnet TEW-800MB version 1.0.1.0, which stems from an incorrect operation of the parameter DeviceURL that can lead to operating system command injection...

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from Trendnet. A command injection vulnerability exists in the TRENDnet TEW-822DRE version 1.03B02, which stems from an incorrect operation of the parameter ipv4ping/ipv6ping that can lead to command injection...

CVE-2024-22545

An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub420AE0 function. The attack can be launched remotely...

PT-2024-1397 · Trendnet · Trendnet Tew-822Dre

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version 1.03B02 Description: A critical issue affects the file /admin ping.htm of the component POST Request Handler. The manipulation of the ipv4 ping/ipv6 ping argument leads to command injection. This can be initiated...

PT-2024-1396 · Trendnet · Trendnet Tew-800Mb

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-800MB version 1.0.1.0 Description: A critical issue was found in the component POST Request Handler, where the manipulation of the DeviceURL argument leads to os command injection. This allows an attacker to execute arbitrary...

CVE-2024-22545

TRENDnet TEW-824DRU 1.04b01 contains a vulnerability in the system.ntp.server parameter within sub_420AE0() that allows unauthenticated attackers to execute arbitrary code. The issue can be exploited remotely, according to the initial description. Public technical details in the connected documen...

TRENDnet TEW-824DRU Command Injection Vulnerability

The TRENDnet TEW-824DRU is a dual-band wireless router from Trendnet. A command injection vulnerability exists in the TRENDnet TEW-824DRU version 1.04b01, which stems from the system.ntp.server in the sub420AE0 function being susceptible to a command injection attack...

TRENDnet TEW-815DAP Command Injection Vulnerability

The TRENDnet TEW-815DAP is a wireless access point from Trendnet, Inc. A command injection vulnerability exists in the TRENDnet TEW-815DAP version 1.0.2.0, which stems from the fact that incorrect operation of the parameters NtpDstStart/NtpDstEnd can lead to command injection...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

Command injection

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...