CVE-2024-22546 - Vulnerability Details - OpenCVE

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00211.

Key SSVC decision points have not yet been added.

Vendors	Products
Trendnet	Tew-815dap Tew-815dap Firmware

Configuration 1 [-]

AND

cpe:2.3:o:trendnet:tew-815dap_firmware:1.0.2.0:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP

History

Tue, 01 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendnet Trendnet tew-815dap Trendnet tew-815dap Firmware
CPEs		cpe:2.3:h:trendnet:tew-815dap:-:::::::* cpe:2.3:o:trendnet:tew-815dap_firmware:1.0.2.0:::::::*
Vendors & Products		Trendnet Trendnet tew-815dap Trendnet tew-815dap Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-30T00:00:00

Updated: 2024-08-01T22:51:10.763Z

Reserved: 2024-01-11T00:00:00

Link: CVE-2024-22546

Vulnrichment

Updated: 2024-08-01T22:51:10.763Z

NVD

Status : Analyzed

Published: 2024-04-30T19:15:23.147

Modified: 2025-04-01T15:11:17.547

Link: CVE-2024-22546

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-22546", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-01T22:51:10.763Z", "dateReserved": "2024-01-11T00:00:00", "datePublished": "2024-04-30T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-30T18:22:22.126147"}, "descriptions": [{"lang": "en", "value": "TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP"}, {"url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-22546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T20:30:42.641505Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*"], "vendor": "trendnet", "product": "tew-815dap", "versions": [{"status": "affected", "version": "1.0.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:47.854Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:10.763Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP", "tags": ["x_transferred"]}, {"url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP", "tags": ["x_transferred"]}, {"url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:51:10.763Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-22546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T20:30:42.641505Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*"], "vendor": "trendnet", "product": "tew-815dap", "versions": [{"status": "affected", "version": "1.0.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T20:32:06.891Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP"}, {"url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c"}], "descriptions": [{"lang": "en", "value": "TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-30T18:22:22.126147"}}}, "cveMetadata": {"cveId": "CVE-2024-22546", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:51:10.763Z", "dateReserved": "2024-01-11T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-30T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-815dap_firmware:1.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "97E4A40B-A954-4575-9817-78D79122FC14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*", "matchCriteriaId": "7664ADC9-6364-4FA7-BB0E-1371975BC3AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request."}, {"lang": "es", "value": "TRENDnet TEW-815DAP 1.0.2.0 es vulnerable a la inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n do_setNTP. Un atacante autenticado con privilegios de administrador puede aprovechar esta vulnerabilidad en la red mediante una solicitud POST maliciosa."}], "id": "CVE-2024-22546", "lastModified": "2025-04-01T15:11:17.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-30T19:15:23.147", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}