Search criteria
7 vulnerabilities found for tew-651br by trendnet
VAR-201709-0173
Vulnerability from variot - Updated: 2025-11-18 15:18The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. D-Link and TRENDnet The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DIR-636L is a router device. The D-Link DIR636L has remote command injection and verification bypass vulnerabilities that allow an attacker to execute arbitrary commands or bypass the authentication mechanism to fully control the affected device. D-Link DIR-636L is prone to a command-injection vulnerability and an authentication bypass vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Multiple Dlink products are prone to multiple security vulnerabilities. The ping tool in several D-Link and TRENDnet devices has a security vulnerability. The following products and versions are affected: D-Link DIR-626L (Rev A) Version 1.04b04; D-Link DIR-636L (Rev A) Version 1.04; D-Link DIR-808L (Rev A) Version 1.03b05; D- Link DIR-810L (Rev A) Rev. 1.01b04; D-Link DIR-810L (Rev B) Rev. 2.02b01; D-Link DIR-820L (Rev A) Rev. 1.02B10; D-Link DIR-820L (Rev A) D-Link DIR-820L (Rev B) Rev 2.01b02; D-Link DIR-826L (Rev A) Rev 1.00b23; D-Link DIR-830L (Rev A) Rev 1.00b07; D-Link DIR -836L (Rev A) Version 1.01b03; TRENDnet TEW-731BR (Rev 2) Version 2.01b01
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-636l",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "dir-636l",
"scope": "eq",
"trust": 1.3,
"vendor": "dlink",
"version": "1.04"
},
{
"model": "dir-808l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.03"
},
{
"model": "dir-810l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.02"
},
{
"model": "dir-826l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": null
},
{
"model": "dir-820l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02"
},
{
"model": "tew-731br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.01"
},
{
"model": "dir-836l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01"
},
{
"model": "dir-626l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.04"
},
{
"model": "dir-810l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.01"
},
{
"model": "dir-651",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.10na"
},
{
"model": "tew-711br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00"
},
{
"model": "tew-813dru",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00"
},
{
"model": "dir-830l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dir-820l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.01"
},
{
"model": "tew-810dr",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00"
},
{
"model": "dir-820l",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "1.05"
},
{
"model": "dir-626l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-651",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-808l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-810l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-820l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-826l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-830l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-836l",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "tew-651br",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652br",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-711br",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-731br",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-810dr",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-813dru",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "dir-820l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.01"
},
{
"model": "dir-820l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.05"
},
{
"model": "dir-810l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.02"
},
{
"model": "dir-810l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.01"
},
{
"model": "dir-626l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.04"
},
{
"model": "dir-820l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02"
},
{
"model": "dir-830l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dir-826l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.00"
},
{
"model": "dir-636l",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "0"
},
{
"model": "dir-836l 1.01b03",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-830l 1.00b07",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-826l 1.00b23",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-820l 2.01b02",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-820l 1.05b03",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-810l 2.02b01",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-810l 1.01b04",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-808l 1.03b05",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
},
{
"model": "dir-626l 1.04b04 beta",
"scope": null,
"trust": 0.3,
"vendor": "dlink",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "BID",
"id": "72848"
},
{
"db": "BID",
"id": "72865"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:d-link:dir-626l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-636l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-651_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-808l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-810l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-820l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-826l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-830l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:d-link:dir-836l_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-651br_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-652br_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-711br_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-731br_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-810dr_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-813dru_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tiago Caetano Henriques and Stephan Rickauer via Swisscom CSIRT.",
"sources": [
{
"db": "BID",
"id": "72848"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
}
],
"trust": 0.9
},
"cve": "CVE-2015-1187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1187",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01489",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-79148",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-1187",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-1187",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1187",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2015-1187",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-1187",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2015-01489",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-213",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-79148",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-1187",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. D-Link and TRENDnet The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DIR-636L is a router device. The D-Link DIR636L has remote command injection and verification bypass vulnerabilities that allow an attacker to execute arbitrary commands or bypass the authentication mechanism to fully control the affected device. D-Link DIR-636L is prone to a command-injection vulnerability and an authentication bypass vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Multiple Dlink products are prone to multiple security vulnerabilities. The ping tool in several D-Link and TRENDnet devices has a security vulnerability. The following products and versions are affected: D-Link DIR-626L (Rev A) Version 1.04b04; D-Link DIR-636L (Rev A) Version 1.04; D-Link DIR-808L (Rev A) Version 1.03b05; D- Link DIR-810L (Rev A) Rev. 1.01b04; D-Link DIR-810L (Rev B) Rev. 2.02b01; D-Link DIR-820L (Rev A) Rev. 1.02B10; D-Link DIR-820L (Rev A) D-Link DIR-820L (Rev B) Rev 2.01b02; D-Link DIR-826L (Rev A) Rev 1.00b23; D-Link DIR-830L (Rev A) Rev 1.00b07; D-Link DIR -836L (Rev A) Version 1.01b03; TRENDnet TEW-731BR (Rev 2) Version 2.01b01",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1187"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "BID",
"id": "72848"
},
{
"db": "BID",
"id": "72865"
},
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "VULMON",
"id": "CVE-2015-1187"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-79148",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41677",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "VULMON",
"id": "CVE-2015-1187"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1187",
"trust": 3.5
},
{
"db": "BID",
"id": "72848",
"trust": 2.7
},
{
"db": "DLINK",
"id": "SAP10052",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "131465",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "130607",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01489",
"trust": 0.6
},
{
"db": "BID",
"id": "72865",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "41677",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79148",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-1187",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"db": "BID",
"id": "72848"
},
{
"db": "BID",
"id": "72865"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"id": "VAR-201709-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "VULHUB",
"id": "VHN-79148"
}
],
"trust": 1.1355158666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
}
]
},
"last_update_date": "2025-11-18T15:18:05.114000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://us.dlink.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.trendnet.com/home"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/05/26/new_dns_router_attack/"
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/exploit-kit-using-csrf-to-redirect-soho-router-dns-settings/112993/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://seclists.org/fulldisclosure/2015/mar/15"
},
{
"trust": 2.6,
"url": "https://github.com/darkarnium/secpub/tree/master/multivendor/ncc2"
},
{
"trust": 2.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10052"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/72848"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/130607/d-link-dir636l-remote-command-injection.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/131465/d-link-trendnet-ncc-service-command-injection.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2015-1187"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1187"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1187"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
},
{
"trust": 0.3,
"url": "http://www.dlink.co.in/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41677/"
},
{
"trust": 0.1,
"url": "https://threatpost.com/exploit-kit-using-csrf-to-redirect-soho-router-dns-settings/112993/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"db": "BID",
"id": "72848"
},
{
"db": "BID",
"id": "72865"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"db": "VULHUB",
"id": "VHN-79148"
},
{
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"db": "BID",
"id": "72848"
},
{
"db": "BID",
"id": "72865"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-79148"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"date": "2015-03-02T00:00:00",
"db": "BID",
"id": "72848"
},
{
"date": "2015-03-02T00:00:00",
"db": "BID",
"id": "72865"
},
{
"date": "2015-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"date": "2017-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"date": "2017-09-21T16:29:00.147000",
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01489"
},
{
"date": "2017-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-79148"
},
{
"date": "2023-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-1187"
},
{
"date": "2015-03-02T00:00:00",
"db": "BID",
"id": "72848"
},
{
"date": "2015-03-02T00:00:00",
"db": "BID",
"id": "72865"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-213"
},
{
"date": "2017-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007962"
},
{
"date": "2025-10-22T00:15:40.120000",
"db": "NVD",
"id": "CVE-2015-1187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "72848"
},
{
"db": "BID",
"id": "72865"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link and TRENDnet Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007962"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-213"
}
],
"trust": 0.6
}
}
VAR-202411-2224
Vulnerability from variot - Updated: 2025-04-11 22:51TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-2224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tew-652bru",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00b12"
},
{
"model": "tew-652brp",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "3.04b01"
},
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.04b1"
},
{
"model": "tew-651br \u30d5\u30a1\u30fc\u30e0\u30a6\u30a8\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652bru",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652brp",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"cve": "CVE-2024-51189",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2024-51189",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021664",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-51189",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021664",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-51189"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-51189",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021664",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"id": "VAR-202411-2224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6527778
},
"last_update_date": "2025-04-11T22:51:59.355000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/4hsien/cve-vulns/blob/main/trendnet/tew-652brp/xss_filter/readme.md"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-651br"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=245_tew-652bru"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-652brp"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-51189"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"date": "2024-11-11T20:15:18.060000",
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-08T09:13:00",
"db": "JVNDB",
"id": "JVNDB-2024-021664"
},
{
"date": "2025-04-01T18:21:08.997000",
"db": "NVD",
"id": "CVE-2024-51189"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021664"
}
],
"trust": 0.8
}
}
VAR-202411-3144
Vulnerability from variot - Updated: 2025-04-05 01:36TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-3144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tew-652bru",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00b12"
},
{
"model": "tew-652brp",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "3.04b01"
},
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.04b1"
},
{
"model": "tew-652brp",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-651br \u30d5\u30a1\u30fc\u30e0\u30a6\u30a8\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652bru",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"cve": "CVE-2024-51188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2024-51188",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021293",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-51188",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021293",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-51188"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-51188",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021293",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"id": "VAR-202411-3144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6527778
},
"last_update_date": "2025-04-05T01:36:24.472000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/4hsien/cve-vulns/blob/main/trendnet/tew-652brp/xss_virtual_server/readme.md"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-651br"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=245_tew-652bru"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-652brp"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-51188"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"date": "2024-11-11T20:15:18",
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-02T08:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-021293"
},
{
"date": "2025-04-01T18:21:05.200000",
"db": "NVD",
"id": "CVE-2024-51188"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021293"
}
],
"trust": 0.8
}
}
VAR-202411-3433
Vulnerability from variot - Updated: 2025-04-03 22:31TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-3433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tew-652bru",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00b12"
},
{
"model": "tew-652brp",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "3.04b01"
},
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.04b1"
},
{
"model": "tew-652brp",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-651br \u30d5\u30a1\u30fc\u30e0\u30a6\u30a8\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652bru",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"cve": "CVE-2024-51187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2024-51187",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021272",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-51187",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021272",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-51187"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-51187",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021272",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"id": "VAR-202411-3433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6527778
},
"last_update_date": "2025-04-03T22:31:04.919000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/4hsien/cve-vulns/blob/main/trendnet/tew-652brp/xss_firewall_rule/readme.md"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-651br"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=245_tew-652bru"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-652brp"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-51187"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"date": "2024-11-11T20:15:17.943000",
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-02T07:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-021272"
},
{
"date": "2025-04-01T18:20:57.320000",
"db": "NVD",
"id": "CVE-2024-51187"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021272"
}
],
"trust": 0.8
}
}
VAR-202411-2779
Vulnerability from variot - Updated: 2025-04-03 22:26TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202411-2779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tew-652bru",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "1.00b12"
},
{
"model": "tew-652brp",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "3.04b01"
},
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.0,
"vendor": "trendnet",
"version": "2.04b1"
},
{
"model": "tew-652brp",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-651br \u30d5\u30a1\u30fc\u30e0\u30a6\u30a8\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652bru",
"scope": null,
"trust": 0.8,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"cve": "CVE-2024-51190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"id": "CVE-2024-51190",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-021271",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2024-51190",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2024-021271",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. TRENDnet of TEW-651BR Firmware, TEW-652BRP firmware, TEW-652BRU Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-51190"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-51190",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-021271",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"id": "VAR-202411-2779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6527778
},
"last_update_date": "2025-04-03T22:26:32.137000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/4hsien/cve-vulns/blob/main/trendnet/tew-652brp/xss_special_ap/readme.md"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-651br"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=245_tew-652bru"
},
{
"trust": 1.0,
"url": "https://www.trendnet.com/products/product-detail?prod=235_tew-652brp"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-51190"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"date": "2024-11-11T20:15:18.117000",
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-02T07:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-021271"
},
{
"date": "2025-04-01T18:21:12.547000",
"db": "NVD",
"id": "CVE-2024-51190"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0TRENDnet\u00a0 Cross-site scripting vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-021271"
}
],
"trust": 0.8
}
}
VAR-201912-1730
Vulnerability from variot - Updated: 2024-11-23 22:11An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. TRENDnet TEW-651BR , TEW-652BRP , TEW-652BRU The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnet TEW-651BR and others are all wireless routers from TRENDnet.
An operating system command injection vulnerability exists in TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12. The vulnerability originates from the process of externally inputting data to construct the executable command of the operating system, and the network system or product does not properly filter the special characters, commands, etc., and an attacker can use this vulnerability to execute illegal operating system commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1730",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.8,
"vendor": "trendnet",
"version": "2.04b1"
},
{
"model": "tew-652brp",
"scope": "eq",
"trust": 1.8,
"vendor": "trendnet",
"version": "3.04b01"
},
{
"model": "tew-652bru",
"scope": "eq",
"trust": 1.8,
"vendor": "trendnet",
"version": "1.00b12"
},
{
"model": "tew-651br 2.04b1",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652brp 3.04b01",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652bru 1.00b12",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trendnet:tew-651br_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-652brp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-652bru_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
}
]
},
"cve": "CVE-2019-11399",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11399",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-01012",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11399",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-11399",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11399",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11399",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-01012",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-850",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-11399",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-850"
},
{
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. TRENDnet TEW-651BR , TEW-652BRP , TEW-652BRU The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnet TEW-651BR and others are all wireless routers from TRENDnet. \n\nAn operating system command injection vulnerability exists in TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12. The vulnerability originates from the process of externally inputting data to construct the executable command of the operating system, and the network system or product does not properly filter the special characters, commands, etc., and an attacker can use this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"db": "VULMON",
"id": "CVE-2019-11399"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11399",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01012",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-850",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-11399",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-850"
},
{
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"id": "VAR-201912-1730",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
}
],
"trust": 1.2527778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
}
]
},
"last_update_date": "2024-11-23T22:11:40.838000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "support",
"trust": 0.8,
"url": "https://www.trendnet.com/support/"
},
{
"title": "FirmAE",
"trust": 0.1,
"url": "https://github.com/pr0v3rbs/FirmAE "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/sinword/FirmAE_Connlab "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://github.com/pr0v3rbs/cve/blob/master/cve-2019-11399/ticket.png"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11399"
},
{
"trust": 1.7,
"url": "https://www.trendnet.com/support/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11399"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/pr0v3rbs/firmae"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-850"
},
{
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-850"
},
{
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-850"
},
{
"date": "2019-12-18T15:15:10.803000",
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01012"
},
{
"date": "2019-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11399"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013378"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-850"
},
{
"date": "2024-11-21T04:21:01.877000",
"db": "NVD",
"id": "CVE-2019-11399"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-850"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural TRENDnet In product devices OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013378"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-850"
}
],
"trust": 0.6
}
}
VAR-201912-1731
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. TRENDnet TEW-651BR , TEW-652BRP , TEW-652BRU The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnet TEW-651BR and others are all wireless routers from TRENDnet.
A buffer overflow vulnerability exists in TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be associated with other memory locations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tew-651br",
"scope": "eq",
"trust": 1.8,
"vendor": "trendnet",
"version": "2.04b1"
},
{
"model": "tew-652brp",
"scope": "eq",
"trust": 1.8,
"vendor": "trendnet",
"version": "3.04b01"
},
{
"model": "tew-652bru",
"scope": "eq",
"trust": 1.8,
"vendor": "trendnet",
"version": "1.00b12"
},
{
"model": "tew-651br 2.04b1",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652brp 3.04b01",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
},
{
"model": "tew-652bru 1.00b12",
"scope": null,
"trust": 0.6,
"vendor": "trendnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:trendnet:tew-651br_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-652brp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:trendnet:tew-652bru_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
}
]
},
"cve": "CVE-2019-11400",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11400",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-01011",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11400",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-11400",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11400",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11400",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-01011",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-851",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-11400",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-851"
},
{
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. TRENDnet TEW-651BR , TEW-652BRP , TEW-652BRU The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnet TEW-651BR and others are all wireless routers from TRENDnet. \n\nA buffer overflow vulnerability exists in TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be associated with other memory locations",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"db": "VULMON",
"id": "CVE-2019-11400"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11400",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01011",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-851",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-11400",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-851"
},
{
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"id": "VAR-201912-1731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
}
],
"trust": 1.2527778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
}
]
},
"last_update_date": "2024-11-23T21:36:15.417000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "support",
"trust": 0.8,
"url": "https://www.trendnet.com/support/"
},
{
"title": "FirmAE",
"trust": 0.1,
"url": "https://github.com/pr0v3rbs/FirmAE "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/sinword/FirmAE_Connlab "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.trendnet.com/support/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11400"
},
{
"trust": 1.7,
"url": "https://github.com/pr0v3rbs/cve/blob/master/cve-2019-11400/ticket.png"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11400"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/pr0v3rbs/firmae"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-851"
},
{
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-851"
},
{
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"date": "2019-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"date": "2019-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-851"
},
{
"date": "2019-12-18T15:15:11.240000",
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01011"
},
{
"date": "2019-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11400"
},
{
"date": "2019-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013379"
},
{
"date": "2022-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-851"
},
{
"date": "2024-11-21T04:21:02.047000",
"db": "NVD",
"id": "CVE-2019-11400"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-851"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural TRENDnet Buffer error vulnerability in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013379"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-851"
}
],
"trust": 0.6
}
}