Filtered by vendor Trendnet Subscriptions
Total 140 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-19242 1 Trendnet 4 Tew-632brp, Tew-632brp Firmware, Tew-673gru and 1 more 2024-08-05 N/A
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
CVE-2018-19240 1 Trendnet 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more 2024-08-05 N/A
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
CVE-2018-19239 1 Trendnet 2 Tew-673gru, Tew-673gru Firmware 2024-08-05 N/A
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
CVE-2018-19241 1 Trendnet 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more 2024-08-05 N/A
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
CVE-2019-13278 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
CVE-2019-13276 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
CVE-2019-13280 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.
CVE-2019-13279 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
CVE-2019-13277 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled.
CVE-2019-13150 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.
CVE-2019-13149 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
CVE-2019-13155 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
CVE-2019-13152 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
CVE-2019-13153 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
CVE-2019-13154 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
CVE-2019-13148 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.
CVE-2019-13151 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-04 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.
CVE-2019-11399 1 Trendnet 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more 2024-08-04 9.8 Critical
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.
CVE-2019-11418 1 Trendnet 2 Tew-632brp, Tew-632brp Firmware 2024-08-04 N/A
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.
CVE-2019-11417 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-08-04 N/A
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.