CVE-2019-13150

HIGH

8.8

CVSS Severity Score

EPSS Score0.0270%

EPSS Percentile34.04th

Published2019年7月2日

Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.

Affected Platforms (CPE)

💻

Trendnet

Tew 827dru Firmware

< 2.05b11

References & Advisories

🔗 https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject1.jpg

関連する脆弱性情報

CVE-2019-132789.8

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for ...

CVE-2019-132799.8

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user ...

CVE-2019-132769.8

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overfl...

CVE-2019-131518.8

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable wit...