Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for tew-632brp_firmware by trendnet
CVE-2024-57590 (GCVE-0-2024-57590)
Vulnerability from nvd – Published: 2025-01-27 00:00 – Updated: 2025-01-28 19:46
VLAI?
Summary
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:36:18.339956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:46:47.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface \"ntp_sync.cgi\",which allows remote attackers to execute arbitrary commands via parameter \"ntp_server\" passed to the \"ntp_sync.cgi\" binary through a POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T14:26:38.426Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57590",
"datePublished": "2025-01-27T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-01-28T19:46:47.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10216 (GCVE-0-2020-10216)
Vulnerability from nvd – Published: 2020-03-07 00:29 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-07T00:29:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10216",
"datePublished": "2020-03-07T00:29:54.000Z",
"dateReserved": "2020-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:39.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10215 (GCVE-0-2020-10215)
Vulnerability from nvd – Published: 2020-03-07 00:30 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-07T00:30:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10215",
"datePublished": "2020-03-07T00:30:05.000Z",
"dateReserved": "2020-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:40.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10213 (GCVE-0-2020-10213)
Vulnerability from nvd – Published: 2020-03-07 00:29 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-07T00:29:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
},
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10213",
"datePublished": "2020-03-07T00:29:46.000Z",
"dateReserved": "2020-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:39.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11418 (GCVE-0-2019-11418)
Vulnerability from nvd – Published: 2019-04-21 20:09 – Updated: 2024-08-04 22:55
VLAI?
Summary
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-21T20:09:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png",
"refsource": "MISC",
"url": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11418",
"datePublished": "2019-04-21T20:09:53.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19242 (GCVE-0-2018-19242)
Vulnerability from nvd – Published: 2018-12-20 22:00 – Updated: 2024-08-05 11:30
VLAI?
Summary
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html"
},
{
"name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html"
},
{
"name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html"
},
{
"name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19242",
"datePublished": "2018-12-20T22:00:00.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57590 (GCVE-0-2024-57590)
Vulnerability from cvelistv5 – Published: 2025-01-27 00:00 – Updated: 2025-01-28 19:46
VLAI?
Summary
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-57590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:36:18.339956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:46:47.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface \"ntp_sync.cgi\",which allows remote attackers to execute arbitrary commands via parameter \"ntp_server\" passed to the \"ntp_sync.cgi\" binary through a POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T14:26:38.426Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57590",
"datePublished": "2025-01-27T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-01-28T19:46:47.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10215 (GCVE-0-2020-10215)
Vulnerability from cvelistv5 – Published: 2020-03-07 00:30 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-07T00:30:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10215",
"datePublished": "2020-03-07T00:30:05.000Z",
"dateReserved": "2020-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:40.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10216 (GCVE-0-2020-10216)
Vulnerability from cvelistv5 – Published: 2020-03-07 00:29 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-07T00:29:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
},
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10216",
"datePublished": "2020-03-07T00:29:54.000Z",
"dateReserved": "2020-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:39.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10213 (GCVE-0-2020-10213)
Vulnerability from cvelistv5 – Published: 2020-03-07 00:29 – Updated: 2024-08-04 10:58
VLAI?
Summary
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:39.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-07T00:29:46.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/D-Link/vulnerability3.md"
},
{
"name": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf",
"refsource": "MISC",
"url": "https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/Trendnet-TEW-632.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10213",
"datePublished": "2020-03-07T00:29:46.000Z",
"dateReserved": "2020-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:39.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11418 (GCVE-0-2019-11418)
Vulnerability from cvelistv5 – Published: 2019-04-21 20:09 – Updated: 2024-08-04 22:55
VLAI?
Summary
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-21T20:09:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png",
"refsource": "MISC",
"url": "https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11418",
"datePublished": "2019-04-21T20:09:53.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19242 (GCVE-0-2018-19242)
Vulnerability from cvelistv5 – Published: 2018-12-20 22:00 – Updated: 2024-08-05 11:30
VLAI?
Summary
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2018-12-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html"
},
{
"name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html"
},
{
"name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html"
},
{
"name": "20181209 Multiple vulnerabilities found in Trendnet routers and IP Cameras.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19242",
"datePublished": "2018-12-20T22:00:00.000Z",
"dateReserved": "2018-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:30:04.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}