CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51835
https://notcve.org/view.php?id=CVE-2023-51835
01 Feb 2024 — An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. Un problema en TRENDnet TEW-822DRE v.1.03B02 permite a un atacante local ejecutar código arbitrario a través de los parámetros ipv4_ping en /boafrm/formSystemCheck. • https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 4%CPEs: 2EXPL: 1CVE-2024-0920 – TRENDnet TEW-822DRE POST Request admin_ping.htm command injection
https://notcve.org/view.php?id=CVE-2024-0920
26 Jan 2024 — A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. • https://vuldb.com/?ctiid.252124 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 6%CPEs: 2EXPL: 1CVE-2024-0919 – TRENDnet TEW-815DAP POST Request do_setNTP command injection
https://notcve.org/view.php?id=CVE-2024-0919
26 Jan 2024 — A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.252123 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 9%CPEs: 2EXPL: 1CVE-2024-0918 – TRENDnet TEW-800MB POST Request os command injection
https://notcve.org/view.php?id=CVE-2024-0918
26 Jan 2024 — A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.252122 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-22545
https://notcve.org/view.php?id=CVE-2024-22545
26 Jan 2024 — An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. TRENDnet TEW-824DRU versión 1.04b01 es vulnerable a la inyección de comandos a través de system.ntp.server en la función sub_420AE0(). • https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2023-51833
https://notcve.org/view.php?id=CVE-2023-51833
25 Jan 2024 — A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. Un problema de inyección de comandos en TRENDnet TEW-411BRPplus v.2.07_eu que permite a un atacante local ejecutar código arbitrario a través del parámetro data1 en la página debug.cgi. • https://warp-desk-89d.notion.site/TEW-411BRPplus-9bafe26e48964be3be12eab47f77203d • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-49235
https://notcve.org/view.php?id=CVE-2023-49235
09 Jan 2024 — An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. Se descubrió un problema en libremote_dbg.so en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. El filtrado de información de depuración se maneja mal durante el uso de popen. • https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2023-49236
https://notcve.org/view.php?id=CVE-2023-49236
09 Jan 2024 — A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci. Se descubrió un desbordamiento de búfer en la región stack de la memoria en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714, lo que provocó la ejecución de comandos arbitrarios. Esto ocurre debido a la falta de validación de longitud durante un... • https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 2CVE-2023-49237
https://notcve.org/view.php?id=CVE-2023-49237
09 Jan 2024 — An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. Se descubrió un problema en los dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. La inyección de comandos puede ocurrir porque davinci utiliza la función del sistema para descomprimir paquetes de idiomas sin un filtrado estricto de las cadenas de URL. • https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0640 – TRENDnet TEW-652BRP Web Interface ping.ccp command injection
https://notcve.org/view.php?id=CVE-2023-0640
02 Feb 2023 — A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.220020 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •