Filtered by vendor Trendnet
Subscribe
Total
130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28842 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key. | |||||
| CVE-2021-28843 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name. | |||||
| CVE-2021-28844 | 1 Trendnet | 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key. | |||||
| CVE-2021-31655 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2021-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi. | |||||
| CVE-2019-11417 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68. | |||||
| CVE-2021-32424 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2021-06-24 | 6.8 MEDIUM | 8.8 HIGH |
| In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. | |||||
| CVE-2021-32426 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2021-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. | |||||
| CVE-2019-13277 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2019-13278 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2019-13279 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2018-7034 | 1 Trendnet | 6 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 3 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | |||||
| CVE-2019-13151 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. | |||||
| CVE-2019-13280 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2019-13149 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings. | |||||
| CVE-2019-13276 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. | |||||
| CVE-2019-13154 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. | |||||
| CVE-2019-13155 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. | |||||
| CVE-2019-13153 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. | |||||
| CVE-2020-14081 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | |||||
| CVE-2020-14080 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2020-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key. | |||||