Filtered by vendor Trendnet Subscriptions
Total 140 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1187 2 Dlink, Trendnet 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more 2024-12-20 9.8 Critical
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
CVE-2023-0611 1 Trendnet 2 Tew-652brp, Tew-652brp Firmware 2024-11-25 8.8 High
A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935.
CVE-2024-37645 1 Trendnet 1 Tew-814dap 2024-11-21 8.8 High
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .
CVE-2024-37644 1 Trendnet 1 Tew-814dap 2024-11-21 8.8 High
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-37643 1 Trendnet 1 Tew-814dap 2024-11-21 8.8 High
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .
CVE-2024-37641 1 Trendnet 1 Tew-814dap 2024-11-21 8.8 High
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
CVE-2024-22545 1 Trendnet 2 Tew-824dru, Tew-824dru Firmware 2024-11-21 7.8 High
An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.
CVE-2024-0920 1 Trendnet 2 Tew-822dre, Tew-822dre Firmware 2024-11-21 7.2 High
A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0919 1 Trendnet 2 Tew-815dap, Tew-815dap Firmware 2024-11-21 8.8 High
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0918 1 Trendnet 2 Tew-800mb, Tew-800mb Firmware 2024-11-21 7.2 High
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-51833 1 Trendnet 2 Tew-411brpplus, Tew-411brpplus Firmware 2024-11-21 8.1 High
A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page.
CVE-2023-49237 1 Trendnet 2 Tv-ip1314pi, Tv-ip1314pi Firmware 2024-11-21 9.8 Critical
An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings.
CVE-2023-49236 1 Trendnet 2 Tv-ip1314pi, Tv-ip1314pi Firmware 2024-11-21 9.8 Critical
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.
CVE-2023-49235 1 Trendnet 2 Tv-ip1314pi, Tv-ip1314pi Firmware 2024-11-21 9.8 Critical
An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command.
CVE-2023-24099 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24098 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24097 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24096 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-24095 1 Trendnet 2 Tew-820ap, Tew-820ap Firmware 2024-11-21 8.8 High
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-23120 1 Trendnet 2 Tv-ip651wi, Tv-ip651wi Firmware 2024-11-21 5.9 Medium
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.