CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0920 – TRENDnet TEW-822DRE POST Request admin_ping.htm command injection
https://notcve.org/view.php?id=CVE-2024-0920
A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. • https://vuldb.com/?ctiid.252124 https://vuldb.com/?id.252124 https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0919 – TRENDnet TEW-815DAP POST Request do_setNTP command injection
https://notcve.org/view.php?id=CVE-2024-0919
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.252123 https://vuldb.com/?id.252123 https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0918 – TRENDnet TEW-800MB POST Request os command injection
https://notcve.org/view.php?id=CVE-2024-0918
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.252122 https://vuldb.com/?id.252122 https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-22545
https://notcve.org/view.php?id=CVE-2024-22545
An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. TRENDnet TEW-824DRU versión 1.04b01 es vulnerable a la inyección de comandos a través de system.ntp.server en la función sub_420AE0(). • https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51833
https://notcve.org/view.php?id=CVE-2023-51833
A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. Un problema de inyección de comandos en TRENDnet TEW-411BRPplus v.2.07_eu que permite a un atacante local ejecutar código arbitrario a través del parámetro data1 en la página debug.cgi. • https://warp-desk-89d.notion.site/TEW-411BRPplus-9bafe26e48964be3be12eab47f77203d https://www.trendnet.com/support/support-detail.asp?prod=160_TEW-411BRPplus • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •