CVE-2024-42813

Published: Aug 19, 2024Modified: Apr 1, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Affected (1)

Products: Trendnet: Tew 752dru Firmware

1 product

Tew 752dru Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendnet Tew 752dru Firmware	Version 1.03b01

Running on/with	Platform Versions
Trendnet Tew 752dru	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (1)

https://gist.github.com/XiaoCurry/204680035c1efffa27d14956820ad928

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.