PT-2024-1397 · Trendnet · Trendnet Tew-822Dre

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version 1.03B02 Description: A critical issue affects the file /admin ping.htm of the component POST Request Handler. The manipulation of the ipv4 ping/ipv6 ping argument leads to command injection. This can be initiated...

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from Trendnet. A command injection vulnerability exists in the TRENDnet TEW-822DRE version 1.03B02, which stems from an incorrect operation of the parameter ipv4ping/ipv6ping that can lead to command injection...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVE-2023-51217

An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component...

CVE-2023-51217

An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component...

Command injection

An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component...

CVE-2023-51217

The CVE-2023-51217 entry concerns TenghuTOS TWS-200 firmware version V4.0-201809201424. The issue is a command injection vulnerability on the ping page component that allows a remote attacker to execute arbitrary code. Affected product/firmware: TenghuTOS TWS-200 (V4.0-201809201424). Underlying c...

CVE-2023-51217

An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component...

TenghuTOS TWS-200 Security Vulnerability

TenghuTOS TWS-200 is a router from TenghuTOS China. A security vulnerability exists in TenghuTOS TWS-200 firmware version V4.0-201809201424. A remote attacker can exploit the vulnerability to execute arbitrary code via specially crafted commands on the ping page component...

Ansible Config Gather

This module will grab ansible information including hosts, ping status, and the configuration file. Module Options msf use post/linux/gather/ansible msf postansible show actions ...actions... msf postansible set ACTION msf postansible show options ...show and set options... msf postansible run Th...

Ansible Agent Payload Deployer

This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected default all. Module Options msf use exploit/linux/local/ansiblenodedeployer msf...

CVE-2023-50991

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service DoS via the pingIp parameter in the pingSet function...

VulnCheck KEV: CVE-2018-16752

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases...

Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing ...

VulnCheck KEV: CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

VulnCheck KEV: CVE-2021-21805

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

CVE-2023-48795

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

NetworkSherlock - Powerful And Flexible Port Scanning Tool With Shodan

NetworkSherlock is a powerful and flexible port scanning tool designed for network security professionals and penetration testers. With its advanced capabilities, NetworkSherlock can efficiently scan IP ranges, CIDR blocks, and multiple targets. It stands out with its detailed banner grabbing...

Hikvision Intercom Broadcasting System Operating System Command Injection Vulnerability

Hikvision Intercom Broadcasting System is an intercom broadcasting system from Hikvision China. An operating system command injection vulnerability exists in Hikvision Intercom Broadcasting System version 3.0.320201113RELEASE HIK, which stems from the parameter jsondataip in the file /php/ping.ph...

CVE-2023-24046

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility...