CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22546
https://notcve.org/view.php?id=CVE-2024-22546
30 Apr 2024 — TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request. TRENDnet TEW-815DAP 1.0.2.0 es vulnerable a la inyección de comandos a través de la función do_setNTP. Un atacante autenticado con privilegios de administrador puede aprovechar esta vulnerabilidad en la red mediante una solicitud POST maliciosa. • https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 6%CPEs: 2EXPL: 1CVE-2024-0919 – TRENDnet TEW-815DAP POST Request do_setNTP command injection
https://notcve.org/view.php?id=CVE-2024-0919
26 Jan 2024 — A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. • https://vuldb.com/?ctiid.252123 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •