Описание
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:trendnet:tew-657brm_firmware:1.00.1:*:*:*:*:*:*:*
cpe:2.3:h:trendnet:tew-657brm:-:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00341
Низкий
8 High
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8
github
2 месяца назад
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.
EPSS
Процентиль: 56%
0.00341
Низкий
8 High
CVSS3
Дефекты
CWE-78