5 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La configuración del nombre de usuario y la contraseña para la interfaz web no requiere la introducción de la contraseña existente. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La interfaz web es vulnerable a un ataque de tipo CSRF. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. Se ha encontrado un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. Se presenta una vulnerabilidad de inyección en el Sistema Operativo dentro de la interfaz web, lo que permite a un atacante con credenciales válidas ejecutar comandos de shell arbitrarios • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. El campo de la clave precompartida de red en la interfaz web es vulnerable a un ataque de tipo XSS. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. Se encontró un problema en los dispositivos TRENDnet TEW-831DR versión 1.0 601.130.1.1356. La clave precompartida por defecto para las redes Wi-Fi es la misma para todos los enrutadores, excepto por los últimos cuatro dígitos. • https://research.nccgroup.com/2022/06/10/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329 https://research.nccgroup.com/?research=Technical+advisories • CWE-521: Weak Password Requirements •