Filtered by vendor Trendnet
Subscriptions
Total
140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50667 | 1 Trendnet | 1 Tew-820ap | 2024-11-12 | 9.8 Critical |
| The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks. | ||||
| CVE-2024-51190 | 1 Trendnet | 3 Tew-651br Firmware, Tew-652brp Firmware, Tew-652bru Firmware | 2024-11-12 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. | ||||
| CVE-2024-51187 | 1 Trendnet | 3 Tew-651br Firmware, Tew-652brp Firmware, Tew-652bru Firmware | 2024-11-12 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. | ||||
| CVE-2024-51188 | 1 Trendnet | 3 Tew-651br Firmware, Tew-652brp Firmware, Tew-652bru Firmware | 2024-11-12 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. | ||||
| CVE-2024-51189 | 1 Trendnet | 3 Tew-651br Firmware, Tew-652brp Firmware, Tew-652bru Firmware | 2024-11-12 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. | ||||
| CVE-2024-0919 | 1 Trendnet | 2 Tew-815dap, Tew-815dap Firmware | 2024-10-18 | 8.8 High |
| A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2018-7034 | 1 Trendnet | 6 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 3 more | 2024-09-16 | N/A |
| TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | ||||
| CVE-2012-4876 | 1 Trendnet | 2 Securview Wireless Internet Camera, Securview Wireless Internet Camera Activex Control | 2024-09-16 | N/A |
| Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. | ||||
| CVE-2024-0918 | 1 Trendnet | 2 Tew-800mb, Tew-800mb Firmware | 2024-08-23 | 7.2 High |
| A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42813 | 1 Trendnet | 1 Tew-752dru Firmware | 2024-08-20 | 9.8 Critical |
| In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2024-08-06 | 7.5 High |
| TRENDnet TS-S402 has a backdoor to enable TELNET. | ||||
| CVE-2013-4659 | 2 Asus, Trendnet | 4 Rt-ac66u, Rt-ac66u Firmware, Tew-812dru and 1 more | 2024-08-06 | N/A |
| Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. | ||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2024-08-06 | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | ||||
| CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2024-08-06 | 9.8 Critical |
| Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | ||||
| CVE-2013-3366 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2024-08-06 | 8.8 High |
| Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | ||||
| CVE-2013-3098 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2024-08-06 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-10011 | 1 Trendnet | 2 Tv-ip422w, Tv-ip422wn | 2024-08-06 | N/A |
| Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. | ||||
| CVE-2014-8579 | 1 Trendnet | 2 Tew-823dru, Tew-823dru Firmware | 2024-08-06 | N/A |
| TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | ||||
| CVE-2015-2880 | 1 Trendnet | 1 Tv-ip743sic | 2024-08-06 | N/A |
| TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | ||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2024-08-06 | 9.8 Critical |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | ||||