CVE-2019-13150

The CVE-2019-13150 issue affects TRENDnet TEW-827DRU routers, with a command injection in apply.cgi (in the ip_addr parameter) present in firmware versions prior to 2.05B11. Exploitation is noted as requiring authentication. The connected documents consistently describe this vulnerability across ...

CVE-2019-13149

The TRENDnet TEW-827DRU router (firmware prior to 2.05B11) exposes a command-injection vulnerability in apply.cgi, exploitable with authentication via the key passwd in Routing RIP Settings. CVSS context from NVD/Red Hat CNVD notes base scores around 6.5–8.8 (network, low complexity, privileges r...

CVE-2019-13149

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi exploitable with authentication via the key passwd in Routing RIP Settings...

CVE-2019-13148

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi exploitable with authentication via the UDP Ports To Open in Add Gaming Rule...

CVE-2019-13148

TRENDnet TEW-827DRU firmware prior to 2.05B11 is affected by a command-injection vulnerability in apply.cgi that is exploitable with authentication via the UDP Ports To Open in Add Gaming Rule. Several sources corroborate this issue. The vulnerability could allow execution of arbitrary commands o...

TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-25520)

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...

TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-25519)

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...

TRENDnet TEW-827DRU Command Injection Vulnerability

The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...

CVE-2019-11418

apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface...

CVE-2019-6441

An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By...

CVE-2019-6441

CVE-2019-6441 affects Shenzhen Coship RT3050/RT3052/RT7620/WM3300 devices (firmware versions 4.0.0.40/4.0.0.48/10.0.0.49/5.0.0.54/5.0.0.55). The issue is an unauthenticated password reset function: the router’s password reset workflow does not validate the current password and requires no authent...

CVE-2018-19239

TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the startarpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters dhcpdstart, dhcpdend, and lanipaddr passed to the apply.cgi binary through a POST...

CVE-2018-19239

TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the startarpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters dhcpdstart, dhcpdend, and lanipaddr passed to the apply.cgi binary through a POST...

CVE-2018-19242

Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload with authentication...

CVE-2018-19242

Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload with authentication...

CVE-2018-19242

The CVE-2018-19242 entry relates to a buffer overflow in apply.cgi on TRENDnet TEW-632BRP (firmware 1.010B32) and TEW-673GRU routers. The underlying issue allows an attacker to hijack program control flow to an attacker‑specified location by crafting a POST request payload with authentication. Th...

CVE-2018-19239

TRENDnet TEW-673GRU router (firmware v1.00b40) contains an OS command injection in the start_arpping function of the timer binary. An attacker can remotely execute commands by crafting a POST to apply.cgi and passing the parameters dhcpd_start, dhcpd_end, and lan_ipaddr. CVE-2018-19239 documents ...

CVE-2018-3955

An exploitable operating system command injection exists in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulti...

Command injection

Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...

Command injection

An exploitable operating system command injection exists in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulti...