CVE-2023-24097

Опубликовано: 23 янв. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/03/README.md
Exploit
Third Party Advisory
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/03/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tew-820ap_firmware:1.01.b01:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-820ap:1.0r:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01026

Низкий

8.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-qwwx-hvjj-2vq7