CVE-2019-13276

Published: Jul 10, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.

Affected (1)

Products: Trendnet: Tew 827dru Firmware

1 product

Tew 827dru Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendnet Tew 827dru Firmware	Up to 2.04b03

Running on/with	Platform Versions
Trendnet Tew 827dru	Version 2.0

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.