CVE-2019-13280

Published: Jul 9, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.

Affected (1)

Products: Trendnet: Tew 827dru Firmware

1 product

Tew 827dru Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendnet Tew 827dru Firmware	Up to 2.04b03

Running on/with	Platform Versions
Trendnet Tew 827dru	Version 2.0

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.