Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for tew-651br_firmware by trendnet
CVE-2024-51190 (GCVE-0-2024-51190)
Vulnerability from nvd – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:58
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51190",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:55:33.224215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:58:32.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:54:07.788Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Special_AP/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51190",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:58:32.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51189 (GCVE-0-2024-51189)
Vulnerability from nvd – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:57
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51189",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:55:41.960063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:57:03.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:58:05.418Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Filter/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51189",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:57:03.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51188 (GCVE-0-2024-51188)
Vulnerability from nvd – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:58
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51188",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:55:24.915218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:58:54.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T20:01:31.844Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Virtual_Server/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51188",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:58:54.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51187 (GCVE-0-2024-51187)
Vulnerability from nvd – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:59
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51187",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:54:12.339962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:59:15.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:49:42.153Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Firewall_Rule/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51187",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:59:15.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11400 (GCVE-0-2019-11400)
Vulnerability from nvd – Published: 2019-12-18 14:57 – Updated: 2024-08-04 22:55
VLAI?
Summary
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:39.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T14:57:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/"
},
{
"name": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png",
"refsource": "MISC",
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11400",
"datePublished": "2019-12-18T14:57:51.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:39.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11399 (GCVE-0-2019-11399)
Vulnerability from nvd – Published: 2019-12-18 14:52 – Updated: 2024-08-04 22:55
VLAI?
Summary
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T14:52:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/"
},
{
"name": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png",
"refsource": "MISC",
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11399",
"datePublished": "2019-12-18T14:52:41.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1187 (GCVE-0-2015-1187)
Vulnerability from nvd – Published: 2017-09-21 16:00 – Updated: 2025-10-21 23:55
VLAI?
Summary
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2"
},
{
"name": "72848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72848"
},
{
"name": "20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-1187",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T14:07:40.718389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1187"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:34.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1187"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00.000Z",
"value": "CVE-2015-1187 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2"
},
{
"name": "72848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72848"
},
{
"name": "20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052"
},
{
"name": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html"
},
{
"name": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2",
"refsource": "MISC",
"url": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2"
},
{
"name": "72848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72848"
},
{
"name": "20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1187",
"datePublished": "2017-09-21T16:00:00.000Z",
"dateReserved": "2015-01-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:34.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51189 (GCVE-0-2024-51189)
Vulnerability from cvelistv5 – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:57
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51189",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:55:41.960063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:57:03.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:58:05.418Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Filter/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51189",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:57:03.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51187 (GCVE-0-2024-51187)
Vulnerability from cvelistv5 – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:59
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51187",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:54:12.339962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:59:15.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:49:42.153Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Firewall_Rule/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51187",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:59:15.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51188 (GCVE-0-2024-51188)
Vulnerability from cvelistv5 – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:58
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51188",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:55:24.915218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:58:54.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T20:01:31.844Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Virtual_Server/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51188",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:58:54.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51190 (GCVE-0-2024-51190)
Vulnerability from cvelistv5 – Published: 2024-11-11 00:00 – Updated: 2024-11-12 01:58
VLAI?
Summary
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-651br_firmware:2.04b1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-651br_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "2.04b1"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652brp_firmware:3.04b01:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652brp_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "3.04b01"
}
]
},
{
"cpes": [
"cpe:2.3:o:trendnet:tew-652bru_firmware:1.00b12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tew-652bru_firmware",
"vendor": "trendnet",
"versions": [
{
"status": "affected",
"version": "1.00b12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51190",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T01:55:33.224215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T01:58:32.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:54:07.788Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.trendnet.com/products/product-detail?prod=245_TEW-652BRU"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-651BR"
},
{
"url": "https://www.trendnet.com/products/product-detail?prod=235_TEW-652BRP"
},
{
"url": "https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Special_AP/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-51190",
"datePublished": "2024-11-11T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2024-11-12T01:58:32.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11400 (GCVE-0-2019-11400)
Vulnerability from cvelistv5 – Published: 2019-12-18 14:57 – Updated: 2024-08-04 22:55
VLAI?
Summary
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:39.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T14:57:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/"
},
{
"name": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png",
"refsource": "MISC",
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11400",
"datePublished": "2019-12-18T14:57:51.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:39.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11399 (GCVE-0-2019-11399)
Vulnerability from cvelistv5 – Published: 2019-12-18 14:52 – Updated: 2024-08-04 22:55
VLAI?
Summary
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T14:52:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendnet.com/support/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trendnet.com/support/",
"refsource": "MISC",
"url": "https://www.trendnet.com/support/"
},
{
"name": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png",
"refsource": "MISC",
"url": "https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11399",
"datePublished": "2019-12-18T14:52:41.000Z",
"dateReserved": "2019-04-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:55:40.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1187 (GCVE-0-2015-1187)
Vulnerability from cvelistv5 – Published: 2017-09-21 16:00 – Updated: 2025-10-21 23:55
VLAI?
Summary
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2015-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2"
},
{
"name": "72848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72848"
},
{
"name": "20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2015-1187",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T14:07:40.718389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1187"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:34.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1187"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-25T00:00:00.000Z",
"value": "CVE-2015-1187 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2"
},
{
"name": "72848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72848"
},
{
"name": "20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052"
},
{
"name": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html"
},
{
"name": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2",
"refsource": "MISC",
"url": "https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2"
},
{
"name": "72848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72848"
},
{
"name": "20150302 CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1187",
"datePublished": "2017-09-21T16:00:00.000Z",
"dateReserved": "2015-01-17T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:34.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}