Vulnerabilities > Trendnet > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-10 | CVE-2019-13278 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. | 9.8 |
| 2019-07-10 | CVE-2019-13276 | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03 TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. | 9.8 |
| 2019-04-22 | CVE-2019-11418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tew-632Brp Firmware 1.010B32 apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. | 9.8 |
| 2019-04-22 | CVE-2019-11417 | Out-of-bounds Write vulnerability in Trendnet Tv-Ip110Wn Firmware system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. | 9.8 |
| 2018-12-20 | CVE-2018-19240 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tv-Ip110Wn Firmware and Tv-Ip121Wn Firmware Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). | 9.8 |
| 2018-01-05 | CVE-2014-8579 | Use of Hard-coded Credentials vulnerability in Trendnet Tew-823Dru Firmware 1.00B30 TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session. | 9.8 |
| 2017-09-21 | CVE-2015-1187 | Improper Authentication vulnerability in multiple products The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | 9.8 |
| 2017-03-14 | CVE-2013-4659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. | 9.8 |