CVE-2023-51835 - Vulnerability Details - OpenCVE

ReportizFlow

An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trendnet	Tew-822dre Tew-822dre Firmware

Configuration 1 [-]

AND

cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-822dre:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE

History

Tue, 01 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendnet Trendnet tew-822dre Trendnet tew-822dre Firmware
CPEs		cpe:2.3:h:trendnet:tew-822dre:-:::::::* cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:::::::*
Vendors & Products		Trendnet Trendnet tew-822dre Trendnet tew-822dre Firmware

Wed, 28 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-77
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-01T00:00:00

Updated: 2024-08-28T19:58:36.362Z

Reserved: 2023-12-26T00:00:00

Link: CVE-2023-51835

Vulnrichment

Updated: 2024-08-02T22:48:11.881Z

NVD

Status : Analyzed

Published: 2024-02-29T01:42:05.830

Modified: 2025-04-01T15:06:08.550

Link: CVE-2023-51835

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-51835", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-28T19:58:36.362Z", "dateReserved": "2023-12-26T00:00:00", "datePublished": "2024-02-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-01T19:43:05.645157"}, "descriptions": [{"lang": "en", "value": "An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE"}, {"url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:48:11.881Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE", "tags": ["x_transferred"]}, {"url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "affected": [{"vendor": "trendnet", "product": "tew-822dre_firmware", "cpes": ["cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.03b02", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-14T19:58:14.526970Z", "id": "CVE-2023-51835", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T19:58:36.362Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE", "tags": ["x_transferred"]}, {"url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:48:11.881Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-51835", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-14T19:58:14.526970Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:*:*:*:*:*:*:*"], "vendor": "trendnet", "product": "tew-822dre_firmware", "versions": [{"status": "affected", "version": "1.03b02"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T19:56:28.878Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE"}, {"url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8"}], "descriptions": [{"lang": "en", "value": "An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-01T19:43:05.645157"}}}, "cveMetadata": {"cveId": "CVE-2023-51835", "state": "PUBLISHED", "dateUpdated": "2024-08-28T19:58:36.362Z", "dateReserved": "2023-12-26T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-01T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:*:*:*:*:*:*:*", "matchCriteriaId": "3308314F-339F-49CE-92D1-4FD01F78570B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-822dre:-:*:*:*:*:*:*:*", "matchCriteriaId": "C96E1973-C97A-4B75-824D-6EAE4CFA3694", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck."}, {"lang": "es", "value": "Un problema en TRENDnet TEW-822DRE v.1.03B02 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de los par\u00e1metros ipv4_ping en /boafrm/formSystemCheck."}], "id": "CVE-2023-51835", "lastModified": "2025-04-01T15:06:08.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-29T01:42:05.830", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8"}, {"source": "[email protected]", "tags": ["Product"], "url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DRE"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}