exploitDog

CVE-2024-22546

Опубликовано: 30 апр. 2024

Источник: nvd

CVSS3: 6.4

EPSS Низкий

Описание

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.

Ссылки

https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c
Exploit
Third Party Advisory
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP
Broken Link
Vendor Advisory
https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c
Exploit
Third Party Advisory
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tew-815dap_firmware:1.0.2.0:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00211

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-4c3m-w6wv-6mg8

CVSS3: 6.4

github

почти 2 года назад

TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.

EPSS

Процентиль: 43%

0.00211

Низкий

6.4 Medium

CVSS3

Дефекты

CWE-77