Tew-827dru Firmware Security Vulnerabilities and Issues — Tew-827dru Firmware CVE List

Lucene search

TrendnetTew-827dru Firmware

10 matches found

CVE•added 2019/07/10 5:15 p.m.•90 views

CVE-2019-13276

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulner...

9.8CVSS9.6AI score0.0391EPSS

CVE•added 2019/07/10 5:15 p.m.•54 views

CVE-2019-13279

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote ad...

9.8CVSS9.6AI score0.05217EPSS

CVE•added 2021/12/30 10:15 p.m.•54 views

CVE-2021-20158

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.

9.8CVSS9.7AI score0.8034EPSS

CVE•added 2020/06/15 4:15 a.m.•52 views

CVE-2020-14075

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.

9CVSS8.8AI score0.12273EPSS

CVE•added 2020/06/15 4:15 a.m.•51 views

CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.

9.8CVSS9.9AI score0.03756EPSS

CVE•added 2020/06/15 4:15 a.m.•51 views

CVE-2020-14081

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.

9CVSS8.8AI score0.07475EPSS

CVE•added 2021/12/30 10:15 p.m.•43 views

CVE-2021-20159

Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.

9CVSS9.1AI score0.03102EPSS

CVE•added 2021/12/30 10:15 p.m.•36 views

CVE-2021-20149

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default.

9.8CVSS9.3AI score0.00706EPSS

CVE•added 2021/12/30 10:15 p.m.•36 views

CVE-2021-20160

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.

9CVSS8.8AI score0.09123EPSS

CVE•added 2021/12/30 10:15 p.m.•32 views

CVE-2021-20155

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".

9.8CVSS9.5AI score0.00732EPSS