Filtered by vendor Trendnet
Subscribe
Search
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35203 | 1 Trendnet | 2 Tv-ip572pi, Tv-ip572pi Firmware | 2023-08-08 | N/A | 7.2 HIGH |
| An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | |||||
| CVE-2021-20160 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root. | |||||
| CVE-2021-20159 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter. | |||||
| CVE-2022-33007 | 1 Trendnet | 4 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 1 more | 2022-07-07 | 5.8 MEDIUM | 8.8 HIGH |
| TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. | |||||
| CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 3.3 LOW | 8.8 HIGH |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | |||||
| CVE-2021-33317 | 1 Trendnet | 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference. | |||||
| CVE-2021-20157 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-10 | 7.8 HIGH | 7.5 HIGH |
| It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command. | |||||
| CVE-2021-20165 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 6.8 MEDIUM | 8.8 HIGH |
| Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). | |||||
| CVE-2021-20154 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2022-01-07 | 4.3 MEDIUM | 7.5 HIGH |
| Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. | |||||
| CVE-2021-28845 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key. | |||||
| CVE-2021-28841 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key. | |||||
| CVE-2021-28842 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key. | |||||
| CVE-2021-28843 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name. | |||||
| CVE-2021-28844 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key. | |||||
| CVE-2021-32424 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2021-06-24 | 6.8 MEDIUM | 8.8 HIGH |
| In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. | |||||
| CVE-2018-7034 | 1 Trendnet | 6 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 3 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | |||||
| CVE-2019-13280 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2019-13155 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. | |||||
| CVE-2019-13154 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. | |||||
| CVE-2019-13153 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. | |||||
| CVE-2019-13277 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2019-13151 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. | |||||
| CVE-2019-13149 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. | |||||
| CVE-2020-14081 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | |||||
| CVE-2020-14079 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key. | |||||
| CVE-2020-14078 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. | |||||
| CVE-2020-14077 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key. | |||||
| CVE-2020-14075 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | |||||
| CVE-2020-14076 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key. | |||||
| CVE-2020-14074 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-16 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key. | |||||
| CVE-2020-10213 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2020-03-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||
| CVE-2020-10215 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2020-03-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||
| CVE-2020-10216 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2020-03-09 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | |||||
| CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2020-02-26 | 5.0 MEDIUM | 7.5 HIGH |
| TRENDnet TS-S402 has a backdoor to enable TELNET. | |||||
| CVE-2013-3366 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2020-02-10 | 9.3 HIGH | 8.8 HIGH |
| Undocumented TELNET service in TRENDnet TEW-812DRU when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | |||||
| CVE-2019-13150 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2019-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr. | |||||
| CVE-2019-13148 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2019-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. | |||||
| CVE-2019-13152 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2019-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule. | |||||
| CVE-2018-19239 | 1 Trendnet | 2 Tew-673gru, Tew-673gru Firmware | 2019-01-14 | 9.0 HIGH | 7.2 HIGH |
| TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | |||||
| CVE-2018-19241 | 1 Trendnet | 4 Tv-ip110wn, Tv-ip110wn Firmware, Tv-ip121wn and 1 more | 2019-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | |||||
| CVE-2018-19242 | 1 Trendnet | 4 Tew-632brp, Tew-632brp Firmware, Tew-673gru and 1 more | 2019-01-14 | 6.5 MEDIUM | 8.8 HIGH |
| Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication). | |||||
| CVE-2015-2880 | 1 Trendnet | 1 Tv-ip743sic | 2017-04-14 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | |||||