Filtered by vendor Trendnet Subscriptions
Total 140 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-30325 1 Trendnet 2 Tew-831dr, Tew-831dr Firmware 2024-11-21 8.8 High
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network.
CVE-2021-33317 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 7.5 High
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its lldp related component. Due to fail to check if ChassisID TLV is contained in the packet, by sending a crafted lldp packet to the device, an attacker can crash the process due to null pointer dereference.
CVE-2021-33316 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-33315 1 Trendnet 18 Teg-30102ws, Teg-30102ws Firmware, Ti-g102i and 15 more 2024-11-21 9.8 Critical
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of PortID TLV, by sending a crafted lldp packet to the device, integer underflow would occur and the negative number will be passed to memcpy() later, which may cause buffer overflow or invalid memory access.
CVE-2021-32426 1 Trendnet 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware 2024-11-21 6.1 Medium
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command.
CVE-2021-32424 1 Trendnet 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware 2024-11-21 8.8 High
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router.
CVE-2021-31655 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. in a GET request in view.cgi.
CVE-2021-28846 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2024-11-21 6.5 Medium
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.
CVE-2021-28845 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2024-11-21 7.5 High
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key.
CVE-2021-28844 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2024-11-21 7.5 High
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.
CVE-2021-28843 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2024-11-21 7.5 High
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.
CVE-2021-28842 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2024-11-21 7.5 High
Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key.
CVE-2021-28841 1 Trendnet 8 Tew-755ap, Tew-755ap2kac, Tew-755ap2kac Firmware and 5 more 2024-11-21 7.5 High
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key.
CVE-2021-20165 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 8.8 High
Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not appear to validate them properly (i.e. re-using an old token or finding the token thru some other method is possible).
CVE-2021-20164 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 4.9 Medium
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.
CVE-2021-20163 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 4.9 Medium
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.
CVE-2021-20162 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 4.9 Medium
Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.
CVE-2021-20161 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 6.8 Medium
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is required and the user is given a root shell with full control of the device.
CVE-2021-20160 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 8.8 High
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.
CVE-2021-20159 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 8.8 High
Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.