Filtered by vendor Trendnet
Subscriptions
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7034 | 1 Trendnet | 6 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 3 more | 2024-09-16 | N/A |
| TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | ||||
| CVE-2012-4876 | 1 Trendnet | 2 Securview Wireless Internet Camera, Securview Wireless Internet Camera Activex Control | 2024-09-16 | N/A |
| Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. | ||||
| CVE-2024-0918 | 1 Trendnet | 2 Tew-800mb, Tew-800mb Firmware | 2024-08-23 | 7.2 High |
| A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42813 | 1 Trendnet | 1 Tew-752dru Firmware | 2024-08-20 | 9.8 Critical |
| In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2024-08-06 | 7.5 High |
| TRENDnet TS-S402 has a backdoor to enable TELNET. | ||||
| CVE-2013-4659 | 2 Asus, Trendnet | 4 Rt-ac66u, Rt-ac66u Firmware, Tew-812dru and 1 more | 2024-08-06 | N/A |
| Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. | ||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2024-08-06 | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | ||||
| CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2024-08-06 | 9.8 Critical |
| Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | ||||
| CVE-2013-3366 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2024-08-06 | 8.8 High |
| Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | ||||
| CVE-2013-3098 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2024-08-06 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-10011 | 1 Trendnet | 2 Tv-ip422w, Tv-ip422wn | 2024-08-06 | N/A |
| Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. | ||||
| CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2024-08-06 | N/A |
| TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | ||||
| CVE-2015-2880 | 1 Trendnet | 1 Tv-ip743sic | 2024-08-06 | N/A |
| TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | ||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2024-08-06 | 9.8 Critical |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | ||||
| CVE-2018-19242 | 1 Trendnet | 4 Tew-632brp, Tew-632brp Firmware, Tew-673gru and 1 more | 2024-08-05 | N/A |
| Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication). | ||||
| CVE-2018-19240 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2024-08-05 | N/A |
| Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | ||||
| CVE-2018-19239 | 1 Trendnet | 2 Tew-673gru, Tew-673gru Firmware | 2024-08-05 | N/A |
| TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | ||||
| CVE-2018-19241 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2024-08-05 | N/A |
| Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | ||||
| CVE-2019-13278 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-04 | N/A |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. | ||||
| CVE-2019-13276 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-04 | N/A |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. | ||||