Tew 827dru Firmware

tew-827dru_firmware

Vendor: Trendnet • 42 CVEs

CVEs (42)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-20149 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Dec 30, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services runn...Show more Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset for governing access to services on the device only apply to IPv4. All services running on the devices are accessible via the WAN interface via IPv6 by default.Show less
CVE-2020-14076 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_conne...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.Show less
CVE-2020-14081 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary comman...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.Show less
CVE-2020-14080 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_t...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.Show less
CVE-2020-14079 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.Show less
CVE-2020-14078 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.Show less
CVE-2020-14077 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enro...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.Show less
CVE-2020-14075 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticate...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.Show less
CVE-2020-14074 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jun 15, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wif...Show more TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.Show less
CVE-2019-13279 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. Th...Show more TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.Show less
CVE-2019-13278 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 10, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device...Show more TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.Show less
CVE-2019-13276 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently lo...Show more TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.Show less
CVE-2019-13277 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading...Show more TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or remotely if remote administration is enabled.Show less
CVE-2019-13280 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 9, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. T...Show more TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.Show less
CVE-2019-13155 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 2, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server.
CVE-2019-13154 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 2, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule.
CVE-2019-13153 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 2, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
CVE-2019-13152 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 2, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule.
CVE-2019-13151 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 2, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.
CVE-2019-13150 1Trendnet 1Tew 827dru Firmware Nov 21, 2024 Jul 2, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.

Previous 123 Next