Vulnerabilities > Trendnet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-14 | CVE-2018-7034 | Improper Authentication vulnerability in Trendnet products TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | 5.0 |
| 2018-01-05 | CVE-2014-8579 | Use of Hard-coded Credentials vulnerability in Trendnet Tew-823Dru Firmware TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | 10.0 |
| 2017-09-21 | CVE-2015-1187 | Improper Authentication vulnerability in multiple products The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | 9.8 |
| 2017-04-10 | CVE-2015-2880 | Improper Authentication vulnerability in Trendnet Tv-Ip743Sic TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | 9.0 |
| 2017-03-14 | CVE-2013-4659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. | 10.0 |
| 2015-01-13 | CVE-2014-10011 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tv-Ip422W and Tv-Ip422Wn Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function. | 7.5 |
| 2014-02-04 | CVE-2013-3365 | OS Command Injection vulnerability in Trendnet Tew-812Dru TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. | 8.5 |
| 2014-02-04 | CVE-2013-3098 | Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-812Dru and Tew-812Dru Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. | 6.8 |
| 2012-09-06 | CVE-2012-4876 | Buffer Errors vulnerability in Trendnet products Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. | 10.0 |