Vulnerabilities > Trendnet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-10 | CVE-2021-28845 | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to apply_cgi via the lang action without a language key. | 5.0 |
| 2021-08-10 | CVE-2021-28841 | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to apply_cgi via an action ping_test without a ping_ipaddr key. | 5.0 |
| 2021-08-10 | CVE-2021-28842 | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial os service by sending the POST request to apply_cgi via action do_graph_auth without login_name key. | 5.0 |
| 2021-08-10 | CVE-2021-28843 | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name. | 5.0 |
| 2021-08-10 | CVE-2021-28844 | NULL Pointer Dereference vulnerability in Trendnet products Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key. | 5.0 |
| 2021-08-10 | CVE-2021-31655 | Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.64/1.2.2.65/1.2.2.68 Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via the profile parameter. | 4.3 |
| 2021-06-17 | CVE-2021-32424 | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tw100-S4W1Ca Firmware 2.3.32 In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. | 6.8 |
| 2021-06-17 | CVE-2021-32426 | Cross-site Scripting vulnerability in Trendnet Tw100-S4W1Ca Firmware 2.3.32 In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. | 4.3 |
| 2020-06-15 | CVE-2020-14076 | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 6.5 |
| 2020-06-15 | CVE-2020-14081 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | 9.0 |