Trendnet

Tew-827dru Firmware

42 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-20150

  • EPSS 38.8%
  • Published 30.12.2021 22:15:08
  • Last modified 21.11.2024 05:46:01

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. Authentication can be bypassed and a user may view information as Admin by manually browsing to the setup wizard and forcing it to redi...

8.8

CVE-2020-14076

Exploit
  • EPSS 6.4%
  • Published 15.06.2020 13:15:09
  • Last modified 21.11.2024 05:02:35

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_d...

9

CVE-2020-14081

  • EPSS 7.48%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:36

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.

9.8

CVE-2020-14080

  • EPSS 3.76%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:36

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long p...

8.8

CVE-2020-14079

  • EPSS 4.9%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:35

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficie...

8.8

CVE-2020-14078

  • EPSS 3.85%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:35

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficien...

8.8

CVE-2020-14077

  • EPSS 3.38%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:35

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enr...

9

CVE-2020-14075

  • EPSS 12.27%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:34

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary comman...

8.8

CVE-2020-14074

  • EPSS 3.85%
  • Published 15.06.2020 04:15:13
  • Last modified 21.11.2024 05:02:33

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficientl...

10

CVE-2019-13278

Exploit
  • EPSS 60.72%
  • Published 10.07.2019 17:15:12
  • Last modified 21.11.2024 04:24:36

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exe...