CVE-2024-36729
- EPSS 0.1%
- Published 03.06.2024 14:15:09
- Last modified 01.04.2025 18:21:25
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboo...
CVE-2024-36728
- EPSS 3.59%
- Published 03.06.2024 14:15:09
- Last modified 01.04.2025 18:21:29
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1...
- EPSS 1.19%
- Published 15.03.2024 08:15:07
- Last modified 01.04.2025 16:14:18
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the POST request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root she...
CVE-2024-28353
- EPSS 4.89%
- Published 15.03.2024 08:15:06
- Last modified 01.04.2025 16:15:01
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the POST request parameter usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root...
- EPSS 9.12%
- Published 30.12.2021 22:15:09
- Last modified 21.11.2024 05:46:02
TRENDnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the SMB functionality of the device. The username parameter used when configuring SMB functionality for the device is vulnerable to command injection as root.
- EPSS 3.1%
- Published 30.12.2021 22:15:09
- Last modified 21.11.2024 05:46:02
TRENDnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.
CVE-2021-20161
- EPSS 0.04%
- Published 30.12.2021 22:15:09
- Last modified 21.11.2024 05:46:02
TRENDnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is r...
CVE-2021-20162
- EPSS 0.15%
- Published 30.12.2021 22:15:09
- Last modified 21.11.2024 05:46:02
TRENDnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.
CVE-2021-20163
- EPSS 0.26%
- Published 30.12.2021 22:15:09
- Last modified 21.11.2024 05:46:02
TRENDnet AC2600 TEW-827DRU version 2.08B01 leaks information via the FTP web page. Usernames and passwords for all FTP users are revealed in plaintext on the ftpserver.asp page.
CVE-2021-20164
- EPSS 0.26%
- Published 30.12.2021 22:15:09
- Last modified 21.11.2024 05:46:02
TRENDnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the SMB functionality of the device. Usernames and passwords for all SMB users are revealed in plaintext on the smbserver.asp page.