Описание
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.06b04 (включая)
Одновременно
cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-827dru:-:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12273
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
EPSS
Процентиль: 94%
0.12273
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78