Tew-827dru Firmware Security Vulnerabilities and Issues — Tew-827dru Firmware CVE List

Lucene search

TrendnetTew-827dru Firmware

17 matches found

CVE•added 2019/07/09 7:15 p.m.•96 views

CVE-2019-13280

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be ...

8.8CVSS8.9AI score0.02489EPSS

CVE•added 2019/07/02 1:15 p.m.•64 views

CVE-2019-13150

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•57 views

CVE-2019-13154

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2024/03/15 8:15 a.m.•57 views

CVE-2024-28353

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.

8.8CVSS7.7AI score0.03662EPSS

CVE•added 2019/07/02 1:15 p.m.•54 views

CVE-2019-13149

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•52 views

CVE-2019-13152

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•51 views

CVE-2019-13148

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2024/06/03 2:15 p.m.•51 views

CVE-2024-36728

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.

8.1CVSS8.4AI score0.03592EPSS

CVE•added 2019/07/02 1:15 p.m.•50 views

CVE-2019-13151

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2019/07/02 1:15 p.m.•50 views

CVE-2019-13155

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.

8.8CVSS8.9AI score0.04844EPSS

CVE•added 2020/06/15 4:15 a.m.•50 views

CVE-2020-14077

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta...

8.8CVSS8.9AI score0.03384EPSS

CVE•added 2020/06/15 4:15 a.m.•50 views

CVE-2020-14079

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.

8.8CVSS8.9AI score0.04895EPSS

CVE•added 2019/07/02 1:15 p.m.•48 views

CVE-2019-13153

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.

8.8CVSS8.8AI score0.04844EPSS

CVE•added 2020/06/15 4:15 a.m.•48 views

CVE-2020-14078

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.

8.8CVSS8.9AI score0.0385EPSS

CVE•added 2020/06/15 4:15 a.m.•47 views

CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.

8.8CVSS8.9AI score0.0385EPSS

CVE•added 2021/12/30 10:15 p.m.•38 views

CVE-2021-20165

Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-usi...

8.8CVSS8.7AI score0.00109EPSS

CVE•added 2020/06/15 1:15 p.m.•29 views

CVE-2020-14076

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key...

8.8CVSS8.9AI score0.06399EPSS