CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2023-0640 – TRENDnet TEW-652BRP Web Interface ping.ccp command injection
https://notcve.org/view.php?id=CVE-2023-0640
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.220020 https://vuldb.com/?id.220020 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0639 – TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting
https://notcve.org/view.php?id=CVE-2023-0639
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. • https://vuldb.com/?ctiid.220019 https://vuldb.com/?id.220019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0618 – TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption
https://notcve.org/view.php?id=CVE-2023-0618
A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. • https://vuldb.com/?ctiid.219958 https://vuldb.com/?id.219958 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0611 – TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection
https://notcve.org/view.php?id=CVE-2023-0611
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.219935 https://vuldb.com/?id.219935 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11400
https://notcve.org/view.php?id=CVE-2019-11400
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. Se detectó un problema en los dispositivos TRENDnet TEW-651BR versión 2.04B1, TEW-652BRP versión 3.04b01 y TEW-652BRU versión 1.00b12. Se presenta un desbordamiento del búfer por medio del parámetro ccp_act del archivo get_set.ccp. • https://github.com/pr0v3rbs/CVE/blob/master/CVE-2019-11400/ticket.png https://www.trendnet.com/support • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •