Vulnerabilities > CVE-2023-24097 - Out-of-bounds Write vulnerability in Trendnet Tew-820Ap Firmware 1.01.B01

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

trendnet

CWE-787

NVD

Published: 2023-01-23

Updated: 2024-04-11

Summary

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vulnerable Configurations

Part	Description	Count
OS	Trendnet Trendnet TEW 820Ap Firmware 1.01.B01	1
Hardware	Trendnet Trendnet TEW 820Ap 1.0R	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/03/README.md