15 matches found
CVE-2026-4354
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...
EUVD-2026-12685
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...
CVE-2026-4354 TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...
CVE-2026-4354
A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub420A78 of the file applysec.cgi of the component Web Interface. Such manipulation of the argument Language leads to cross site scripting. It is possible to launch the attack remotely. T...
VulnCheck KEV: CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
CVE-2019-13560
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the applysec.cgi setupwizard parameter...
CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
Stack overflow
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
CVE-2020-14080
CVE-2020-14080 affects TRENDnet TEW-827DRU devices up to version 2.06B04. The root cause is a stack-based buffer overflow in the ssi binary that can be triggered by posting to apply_sec.cgi with a long ping_ipaddr in the action ping_test, allowing an unauthenticated attacker to execute arbitrary ...
CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
CVE-2019-13560
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the applysec.cgi setupwizard parameter...
CVE-2019-13560
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the applysec.cgi setupwizard parameter...
Default credentials
D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the applysec.cgi setupwizard parameter...
CVE-2019-13562
CVE-2019-13562 affects D-Link DIR-655 C devices prior to 3.02B05 BETA03, enabling XSS via web pages /www/ping_response.cgi, /www/ping6_response.cgi, and /www/apply_sec.cgi due to insufficient input validation in the Web UI. Affected firmware is DIR-655 C before 3.02B05 BETA03; remediation per sou...