CVE-2024-57590
- EPSS 0.44%
- Published 27.01.2025 15:15:11
- Last modified 29.05.2025 16:01:22
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a ...
- EPSS 4.55%
- Published 07.03.2020 01:15:15
- Last modified 21.11.2024 04:54:58
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
- EPSS 4.11%
- Published 07.03.2020 01:15:15
- Last modified 21.11.2024 04:54:58
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
- EPSS 4.58%
- Published 07.03.2020 01:15:15
- Last modified 21.11.2024 04:54:59
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected.
CVE-2019-11418
- EPSS 0.46%
- Published 22.04.2019 11:29:05
- Last modified 21.11.2024 04:21:04
apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface.
CVE-2018-19242
- EPSS 2.88%
- Published 20.12.2018 23:29:01
- Last modified 21.11.2024 03:57:38
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).