CVSS: 8.8 • EPSS: 6% • CPEs: 2 • EXPL: 3

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-st_dev.pdf • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-kick_ban_wifi.pdf • CWE-787: Out-of-bounds Write

CVSS: 9.0 • EPSS: 12% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-dhcp_connect.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-set_sta_enrollee.pdf • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-wifi_captive.pdf • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 4% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-auto_up_fw.pdf • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping_test.pdf • CWE-787: Out-of-bounds Write

CVSS: 9.0 • EPSS: 7% • CPEs: 2 • EXPL: 0

15 Jun 2020 — TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. • https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/send_log_email_command.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 5% • CPEs: 2 • EXPL: 1

10 Jul 2019 — TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. • https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279 • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 60% • CPEs: 2 • EXPL: 1

10 Jul 2019 — TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. • https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13278 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')