CVE-2018-19240
https://notcve.org/view.php?id=CVE-2018-19240
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
• http://packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2018/Dec/21
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-7034
https://notcve.org/view.php?id=CVE-2018-7034
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
• https://blogs.securiteam.com/index.php/archives/3627
• CWE-287: Improper Authentication
CVE-2014-8579
https://notcve.org/view.php?id=CVE-2014-8579
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
• http://hackingcomtapioca.blogspot.com.br/2014/10/hacking-trendnet-tew-823dru.html
• CWE-798: Use of Hard-coded Credentials
CVE-2015-2880
https://notcve.org/view.php?id=CVE-2015-2880
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
• https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors
• CWE-287: Improper Authentication
CVE-2015-1187 – D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1187
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. D-Link DIR636L suffers from a remote command injection vulnerability. The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution.
• https://www.exploit-db.com/exploits/41677
• http://packetstormsecurity.com/files/130607/D-Link-DIR636L-Remote-Command-Injection.html
• http://packetstormsecurity.com/files/131465/D-Link-TRENDnet-NCC-Service-Command-Injection.html
• http://seclists.org/fulldisclosure/2015/Mar/15
• http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10052
• http://www.securityfocus.com/bid/72848
• https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
• https://seclists.org/fulldisclosure/2015/Mar/15
• CWE-287: Improper Authentication