30 matches found
Stack overflow
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action autoupfw or autouplp with a sufficiently long updatefilename key...
Stack overflow
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action setstaenrolleepinwifi1 or setstaenrolleepinwifi0 with a sufficiently long wpsstaenrolleep...
CVE-2020-14074
TRENDnet TEW-827DRU devices up to version 2.06B04 are affected by a stack-based buffer overflow in the ssi binary. An authenticated user can trigger the overflow by posting to apply.cgi with the action kick_ban_wifi_mac_allow and supplying a sufficiently long qcawifi.wifi0_vap0.maclist key, enabl...
CVE-2020-14077
TRENDnet TEW-827DRU routers (firmware 2.06B04 and earlier) are affected by a stack-based buffer overflow in the ssi binary. An authenticated user can trigger arbitrary code execution by sending a crafted POST to apply.cgi using the actions set_sta_enrollee_pin_wifi1 or set_sta_enrollee_pin_wifi0 ...
CVE-2020-14078
CVE-2020-14078 affects TRENDnet TEW-827DRU devices with firmware 2.06B04 and earlier. A stack-based buffer overflow in the ssi binary permits an authenticated attacker to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login using a sufficiently long REMOTE_ADDR ...
CVE-2020-14078
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wificaptiveportallogin with a sufficiently long REMOTEADDR key...
CVE-2020-14079
TRENDnet TEW-827DRU routers (firmware up to 2.06B04) are affected by a stack-based overflow in the ssi binary. An authenticated user can trigger arbitrary code execution by sending a crafted update_file_name via POST to apply.cgi with action auto_up_fw (or auto_up_lp). The vulnerability affects t...
CVE-2020-14080
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...
CVE-2020-14080
Trendnet TEW-827DRU devices up to firmware version 2.06B04 are affected by a stack-based buffer overflow in the ssi binary. An unauthenticated attacker can cause arbitrary code execution by sending a specially crafted POST to apply_sec.cgi with action ping_test and a long ping_ipaddr value. The i...
TRENDnet TEW-827DRU Stack Buffer Overflow Vulnerability (CNVD-2019-22208)
The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A buffer overflow vulnerability exists in the ssi binary in the TRENDnet TEW-827DRU using firmware version 2.04B03 and earlier. The vulnerability originates when a network system or product performs an operation on memory without properl...