4 matches found
CVE-2025-66052 Command injection in Vivotek IP7137 cameras
Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...
The vulnerability of the sub_420AE0() function in Trendnet’s router software TEW-824DRU allows a hacker to execute arbitrary code.
The vulnerability of the sub420AE0 function in Trendnet’s router software TEW-824DRU is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the system.ntp.server parameter...
PT-2024-1406 · Trendnet · Trendnet Tew-824Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-824DRU version 1.04b01 Description: An issue in the TRENDnet TEW-824DRU allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub 420AE0 function. The attack can be launched remotel...
Command injection
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code...