
CVE-2024-51187
https://notcve.org/view.php?id=CVE-2024-51187
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a stored cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Firewall_Rule/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51188
https://notcve.org/view.php?id=CVE-2024-51188
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a stored cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Virtual_Server/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51189
https://notcve.org/view.php?id=CVE-2024-51189
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a stored cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Filter/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-51190
https://notcve.org/view.php?id=CVE-2024-51190
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a stored cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Special_AP/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0640 – TRENDnet TEW-652BRP Web Interface ping.ccp command injection
https://notcve.org/view.php?id=CVE-2023-0640
02 Feb 2023 — A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.220020 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-0639 – TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting
https://notcve.org/view.php?id=CVE-2023-0639
02 Feb 2023 — A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. • https://vuldb.com/?ctiid.220019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-0618 – TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption
https://notcve.org/view.php?id=CVE-2023-0618
01 Feb 2023 — A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. • https://vuldb.com/?ctiid.219958 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2023-0611 – TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection
https://notcve.org/view.php?id=CVE-2023-0611
01 Feb 2023 — A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.219935 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2019-11400
https://notcve.org/view.php?id=CVE-2019-11400
18 Dec 2019 — An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. • https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2019-11399
https://notcve.org/view.php?id=CVE-2019-11399
18 Dec 2019 — An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. • https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11399/ticket.png • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •