CVE-2019-13279
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled.
El dispositivo TEW-827DRU hasta la versión de firmware 2.04B03 e incluida de TRENDnet, contiene múltiples desbordamientos de búfer en la región stack de la memoria al procesar la entrada del usuario para el asistente de configuración, lo que permite a un usuario no autenticado ejecutar código arbitrario. La vulnerabilidad se puede ejercer en la intranet local o remotamente, si la administración remota está habilitada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-07-04 CVE Reserved
- 2019-07-10 CVE Published
- 2024-06-18 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trendnet Search vendor "Trendnet" | Tew-827dru Firmware Search vendor "Trendnet" for product "Tew-827dru Firmware" | <= 2.04b03 Search vendor "Trendnet" for product "Tew-827dru Firmware" and version " <= 2.04b03" | - |
Affected
| in | Trendnet Search vendor "Trendnet" | Tew-827dru Search vendor "Trendnet" for product "Tew-827dru" | 2.0 Search vendor "Trendnet" for product "Tew-827dru" and version "2.0" | - |
Safe
|