Vulnerabilities > CVE-2019-11417 - Out-of-bounds Write vulnerability in Trendnet Tv-Ip110Wn Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

trendnet

CWE-787

critical

NVD

Published: 2019-04-22

Updated: 2021-07-21

Summary

system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.

Vulnerable Configurations

Part	Description	Count
OS	Trendnet Trendnet TV Ip110Wn Firmware 1.2.2.28 Trendnet TV Ip110Wn Firmware 1.2.2.64 Trendnet TV Ip110Wn Firmware 1.2.2.65 Trendnet TV Ip110Wn Firmware 1.2.2.68	4
Hardware	Trendnet Trendnet TV Ip110Wn -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/zyw-200/IOTFuzzer/blob/master/Trendnet_response.png