Vulnerabilities > CVE-2020-14078 - Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

trendnet

CWE-787

NVD

Published: 2020-06-15

Updated: 2020-06-17

Summary

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.

Vulnerable Configurations

Part	Description	Count
OS	Trendnet Trendnet TEW 827Dru Firmware - Trendnet TEW 827Dru Firmware 1.04B01 Trendnet TEW 827Dru Firmware 2.04 Trendnet TEW 827Dru Firmware 2.04B03 Trendnet TEW 827Dru Firmware 2.05B11 Trendnet TEW 827Dru Firmware 2.06B04	6
Hardware	Trendnet Trendnet TEW 827Dru -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References