TRENDnet TEW-827DRU Security Vulnerabilities

8 Vulnerabilities
Description

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14076, Last Modified: 2020-06-15T13:15:00Z

References

Advisory

Modemly Security Checklist

Trendnet-TEW-827DRU-router-setup

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14074, Last Modified: 2020-06-15T04:15:00Z

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14075, Last Modified: 2020-06-15T04:15:00Z

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14077, Last Modified: 2020-06-15T04:15:00Z

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14078, Last Modified: 2020-06-15T04:15:00Z

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14079, Last Modified: 2020-06-15T04:15:00Z

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14080, Last Modified: 2020-06-15T04:15:00Z

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-14081, Last Modified: 2020-06-15T04:15:00Z
