exploitDog

CVE-2024-50667

Опубликовано: 11 нояб. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks.

Ссылки

https://github.com/ixout/iotVuls/blob/main/Trendnet/TEW_820/report.md
Exploit
Third Party Advisory
https://www.trendnet.com/support/support-detail.asp?prod=100_TEW-820AP
Broken Link
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tew-820ap_firmware:1.01.b01:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-820ap:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00593

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-120

Связанные уязвимости

GHSA-cx99-h4rf-2j49

CVSS3: 9.8

github

около 1 года назад

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks.

EPSS

Процентиль: 69%

0.00593

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-120