CVE-2019-13151

HIGH

8.8

CVSS Severity Score

EPSS Score0.1240%

EPSS Percentile12.56th

PublishedJul 2, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.

Affected Platforms (CPE)

💻

Trendnet

Tew 827dru Firmware

< 2.05b11

References & Advisories

🔗 https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg

Related Vulnerabilities

CVE-2019-132789.8

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for ...

CVE-2019-132799.8

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user ...

CVE-2019-132769.8

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overfl...

CVE-2019-131508.8

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable wit...