CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30325
https://notcve.org/view.php?id=CVE-2022-30325
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La clave precompartida por defecto para las redes Wi-Fi es la misma para todos los enrutadores, excepto por los últimos cuatro dígitos. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-33317
https://notcve.org/view.php?id=CVE-2021-33317
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference. El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desreferencia de puntero null. Esta vulnerabilidad se presenta en su componente relacionado con lldp. • https://www.trendnet.com/support/view.asp?cat=4&id=81 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-33315
https://notcve.org/view.php?id=CVE-2021-33315
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad se presenta en su componente relacionado con lldp. • https://www.trendnet.com/support/view.asp?cat=4&id=81 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-33316
https://notcve.org/view.php?id=CVE-2021-33316
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desbordamiento de enteros. Esta vulnerabilidad se presenta en su componente relacionado con lldp. • https://www.trendnet.com/support/view.asp?cat=4&id=81 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-20165
https://notcve.org/view.php?id=CVE-2021-20165
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible). Trendnet AC2600 TEW-827DRU versión 2.08B01, no implementa correctamente las protecciones csrf. La mayoría de las páginas carecen de un uso adecuado de las protecciones o mitigaciones de CSRF. • https://www.tenable.com/security/research/tra-2021-54 • CWE-352: Cross-Site Request Forgery (CSRF) •