CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31873
https://notcve.org/view.php?id=CVE-2022-31873
17 Jun 2022 — Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. La cámara Trendnet IP-110wn versión fw_tv-ip110wn_v2(1.2.2.68), presenta una vulnerabilidad de tipo XSS por medio del parámetro prefix en el archivo /admin/general.cgi • https://github.com/jayus0821/uai-poc/blob/main/Trendnet/IP-110wn/xss2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-31875
https://notcve.org/view.php?id=CVE-2022-31875
17 Jun 2022 — Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi La cámara Trendnet IP-110wn versión fw_tv-ip110wn_v2(1.2.2.68), presenta una vulnerabilidad de tipo xss por medio del parámetro proname en el archivo /admin/scheprofile.cgi • https://github.com/jayus0821/uai-poc/blob/main/Trendnet/IP-110wn/xss1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30326
https://notcve.org/view.php?id=CVE-2022-30326
16 Jun 2022 — An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. El campo de la clave precompartida de red en la interfaz web es vulnerable a un ataque de tipo XSS. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-30327
https://notcve.org/view.php?id=CVE-2022-30327
16 Jun 2022 — An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La interfaz web es vulnerable a un ataque de tipo CSRF. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30328
https://notcve.org/view.php?id=CVE-2022-30328
16 Jun 2022 — An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La configuración del nombre de usuario y la contraseña para la interfaz web no requiere la introducción de la contraseña existente. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30329
https://notcve.org/view.php?id=CVE-2022-30329
16 Jun 2022 — An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. Se ha encontrado un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. Se presenta una vulnerabilidad de inyección en el Sistema Operativo dentro de la interfaz web, lo que permite a un atacante con credenciales válidas ejecutar comandos de shell arbitrarios • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30325
https://notcve.org/view.php?id=CVE-2022-30325
16 Jun 2022 — An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La clave precompartida por defecto para las redes Wi-Fi es la misma para todos los enruta... • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-33317
https://notcve.org/view.php?id=CVE-2021-33317
11 May 2022 — The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference. El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.S0, sufre una vulnerabilidad de desreferencia de puntero null. Esta vulner... • https://www.trendnet.com/support/view.asp?cat=4&id=81 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-33315
https://notcve.org/view.php?id=CVE-2021-33315
11 May 2022 — The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.S0,... • https://www.trendnet.com/support/view.asp?cat=4&id=81 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-33316
https://notcve.org/view.php?id=CVE-2021-33316
11 May 2022 — The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access. El switch TRENDnet TI-PG1284i (hw versión v2.0R) versiones anteriores a 2.0.2.... • https://www.trendnet.com/support/view.asp?cat=4&id=81 • CWE-20: Improper Input Validation •