Page 2 of 130 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2

An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. Se descubrió un problema en libremote_dbg.so en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. El filtrado de información de depuración se maneja mal durante el uso de popen. • https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vul.pdf •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. Se descubrió un problema en los dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. La inyección de comandos puede ocurrir porque davinci utiliza la función del sistema para descomprimir paquetes de idiomas sin un filtrado estricto de las cadenas de URL. • https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vul.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci. Se descubrió un desbordamiento de búfer en la región stack de la memoria en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714, lo que provocó la ejecución de comandos arbitrarios. Esto ocurre debido a la falta de validación de longitud durante un sscanf de un campo de escala ingresado por el usuario en la función de reproducción RTSP de davinci. • https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vul.pdf • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.220020 https://vuldb.com/?id.220020 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. • https://vuldb.com/?ctiid.220019 https://vuldb.com/?id.220019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •