Tew-827dru Firmware@* Security Vulnerabilities and Issues — Tew-827dru Firmware@* CVE List

Lucene search

TrendnetTew-827dru Firmware*

23 matches found

CVE•added 2019/07/09 9:15 p.m.•119 views

CVE-2019-13277

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remot...

7.5CVSS7.6AI score0.01701EPSS

CVE•added 2019/07/10 5:15 p.m.•96 views

CVE-2019-13278

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remot...

10CVSS9.5AI score0.60719EPSS

CVE•added 2019/07/09 7:15 p.m.•96 views

CVE-2019-13280

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be ...

8.8CVSS8.9AI score0.02489EPSS

CVE•added 2019/07/10 5:15 p.m.•90 views

CVE-2019-13276

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulner...

9.8CVSS9.6AI score0.0391EPSS

CVE•added 2024/06/03 2:15 p.m.•72 views

CVE-2024-36729

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key.

6.3CVSS8.4AI score0.001EPSS

CVE•added 2019/07/02 1:15 p.m.•64 views

CVE-2019-13150

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•57 views

CVE-2019-13154

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•54 views

CVE-2019-13149

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/10 5:15 p.m.•54 views

CVE-2019-13279

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote ad...

9.8CVSS9.6AI score0.05217EPSS

CVE•added 2019/07/02 1:15 p.m.•52 views

CVE-2019-13152

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2020/06/15 4:15 a.m.•52 views

CVE-2020-14075

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.

9CVSS8.8AI score0.12273EPSS

CVE•added 2019/07/02 1:15 p.m.•51 views

CVE-2019-13148

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2020/06/15 4:15 a.m.•51 views

CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.

9.8CVSS9.9AI score0.03756EPSS

CVE•added 2020/06/15 4:15 a.m.•51 views

CVE-2020-14081

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.

9CVSS8.8AI score0.07475EPSS

CVE•added 2024/06/03 2:15 p.m.•51 views

CVE-2024-36728

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.

8.1CVSS8.4AI score0.03592EPSS

CVE•added 2019/07/02 1:15 p.m.•50 views

CVE-2019-13151

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•50 views

CVE-2019-13155

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2020/06/15 4:15 a.m.•50 views

CVE-2020-14077

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta...

8.8CVSS8.9AI score0.03384EPSS

CVE•added 2020/06/15 4:15 a.m.•50 views

CVE-2020-14079

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.

8.8CVSS8.9AI score0.04895EPSS

CVE•added 2019/07/02 1:15 p.m.•48 views

CVE-2019-13153

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.

8.8CVSS8.8AI score0.04844EPSS

CVE•added 2020/06/15 4:15 a.m.•48 views

CVE-2020-14078

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.

8.8CVSS8.9AI score0.0385EPSS

CVE•added 2020/06/15 4:15 a.m.•47 views

CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.

8.8CVSS8.9AI score0.0385EPSS

CVE•added 2020/06/15 1:15 p.m.•29 views

CVE-2020-14076

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key...

8.8CVSS8.9AI score0.06399EPSS