CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31875
https://notcve.org/view.php?id=CVE-2022-31875
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi La cámara Trendnet IP-110wn versión fw_tv-ip110wn_v2(1.2.2.68), presenta una vulnerabilidad de tipo xss por medio del parámetro proname en el archivo /admin/scheprofile.cgi • https://github.com/jayus0821/uai-poc/blob/main/Trendnet/IP-110wn/xss1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30328
https://notcve.org/view.php?id=CVE-2022-30328
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La configuración del nombre de usuario y la contraseña para la interfaz web no requiere la introducción de la contraseña existente. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-30327
https://notcve.org/view.php?id=CVE-2022-30327
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La interfaz web es vulnerable a un ataque de tipo CSRF. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30329
https://notcve.org/view.php?id=CVE-2022-30329
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. Se ha encontrado un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. Se presenta una vulnerabilidad de inyección en el Sistema Operativo dentro de la interfaz web, lo que permite a un atacante con credenciales válidas ejecutar comandos de shell arbitrarios • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30326
https://notcve.org/view.php?id=CVE-2022-30326
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. El campo de la clave precompartida de red en la interfaz web es vulnerable a un ataque de tipo XSS. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •