Vulnerabilities > Trendnet

DATE CVE VULNERABILITY TITLE RISK
2018-12-20 CVE-2018-19240 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tv-Ip110Wn Firmware and Tv-Ip121Wn Firmware
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
network
low complexity
trendnet CWE-119
7.5
2018-12-20 CVE-2018-19239 OS Command Injection vulnerability in Trendnet Tew-673Gru Firmware 1.00B40
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
network
low complexity
trendnet CWE-78
critical
9.0
2018-02-14 CVE-2018-7034 Improper Authentication vulnerability in Trendnet products
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
network
low complexity
trendnet CWE-287
5.0
2018-01-05 CVE-2014-8579 Use of Hard-coded Credentials vulnerability in Trendnet Tew-823Dru Firmware
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
network
low complexity
trendnet CWE-798
critical
10.0
2017-09-21 CVE-2015-1187 Improper Authentication vulnerability in multiple products
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
network
low complexity
d-link trendnet CWE-287
critical
10.0
2017-04-10 CVE-2015-2880 Improper Authentication vulnerability in Trendnet Tv-Ip743Sic
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
network
low complexity
trendnet CWE-287
critical
9.0
2017-03-14 CVE-2013-4659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916.
network
low complexity
asus trendnet CWE-119
critical
10.0
2015-01-13 CVE-2014-10011 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tv-Ip422W and Tv-Ip422Wn
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
network
low complexity
trendnet CWE-119
7.5
2014-02-04 CVE-2013-3365 OS Command Injection vulnerability in Trendnet Tew-812Dru
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp.
network
trendnet CWE-78
8.5
2014-02-04 CVE-2013-3098 Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-812Dru and Tew-812Dru Firmware
Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi.
network
trendnet CWE-352
6.8