CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51187
https://notcve.org/view.php?id=CVE-2024-51187
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Firewall_Rule/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51188
https://notcve.org/view.php?id=CVE-2024-51188
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Virtual_Server/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51189
https://notcve.org/view.php?id=CVE-2024-51189
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Filter/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51190
https://notcve.org/view.php?id=CVE-2024-51190
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Special_AP/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2019-11400
https://notcve.org/view.php?id=CVE-2019-11400
18 Dec 2019 — An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. Se detectó un problema en los dispositivos TRENDnet TEW-651BR versión 2.04B1, TEW-652BRP versión 3.04b01 y TEW-652BRU versión 1.00b12. Se presenta un desbordamiento del búfer por medio del parámetro ccp_act del archivo get_set.ccp. • https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 6EXPL: 0CVE-2019-11399
https://notcve.org/view.php?id=CVE-2019-11399
18 Dec 2019 — An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. Se detectó un problema en los dispositivos TRENDnet TEW-651BR versión 2.04B1, TEW-652BRP versión 3.04b01 y TEW-652BRU versión 1.00b12. Una inyección de comandos del Sistema Operativo se realiza por medio del parámetro lanHostCfg_HostName_1.1.1.0.0 en el archivo get_set.ccp. • https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 79%CPEs: 36EXPL: 4CVE-2015-1187 – D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1187
02 Mar 2015 — The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. La herramienta de ping en múltiples dispositivos D-Link y TRENDnet permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro ping_addr a ping.ccp. D-Link DIR636L suffers from a remote command injection vulnerability. The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. • https://packetstorm.news/files/id/131465 • CWE-287: Improper Authentication •