CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kickbanwifimacallow with a sufficiently long qcawifi.wifi0vap0.maclist key...

Command injection

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action sendlogemail with the key authacname or authpasswd, allowing an authenticated user to run arbitrary commands on the device...

Command injection

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoeconnect, rupppoeconnect, or dhcpconnect with the key wanifname or wan0dns, allowing an authenticated user to run arbitrary commands on the device...

Stack overflow

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action autoupfw or autouplp with a sufficiently long updatefilename key...

Stack overflow

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wificaptiveportallogin with a sufficiently long REMOTEADDR key...

Stack overflow

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action setstaenrolleepinwifi1 or setstaenrolleepinwifi0 with a sufficiently long wpsstaenrolleep...

CVE-2020-14074

TRENDnet TEW-827DRU devices up to version 2.06B04 are affected by a stack-based buffer overflow in the ssi binary. An authenticated user can trigger the overflow by posting to apply.cgi with the action kick_ban_wifi_mac_allow and supplying a sufficiently long qcawifi.wifi0_vap0.maclist key, enabl...

CVE-2020-14075

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoeconnect, rupppoeconnect, or dhcpconnect with the key wanifname or wan0dns, allowing an authenticated user to run arbitrary commands on the device...

CVE-2020-14075

Summary (CVE-2020-14075) TRENDnet TEW-827DRU routers (firmware up to 2.06B04) have a command-injection vulnerability in apply.cgi. The flaw is triggered by the actions pppoe_connect, ru_pppoe_connect, or dhcp_connect using the key wan_ifname (or wan0_dns), enabling an authenticated user to execut...

CVE-2020-14077

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action setstaenrolleepinwifi1 or setstaenrolleepinwifi0 with a sufficiently long wpsstaenrolleep...

CVE-2020-14078

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wificaptiveportallogin with a sufficiently long REMOTEADDR key...

CVE-2020-14079

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action autoupfw or autouplp with a sufficiently long updatefilename key...

CVE-2020-14081

TRENDnet TEW-827DRU routers (firmware up to 2.06B04) contain a command injection in apply.cgi via the action send_log_email using the auth_acname or auth_passwd parameter. An authenticated user can execute arbitrary commands on the device. The affected component is the apply.cgi handling in TEW-8...

CVE-2013-2679

Multiple cross-site scripting XSS vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the 1 logtype, 2 pingip, 3 pingsize, 4 submittype, or 5 tracerouteip parameter to apply.cgi or 6 newworkgroup or 7...

CVE-2013-2678

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...

Code injection

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...

CVE-2013-2678

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submittype parameter...

VulnCheck KEV: CVE-2018-9285

MainAnalysisContent.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.38410007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...

TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-21075)

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...

TRENDnet TEW-827DRU Command Injection Vulnerability

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...