Vulnerabilities > Trendnet > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-10 CVE-2021-28844 NULL Pointer Dereference vulnerability in Trendnet products
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.
network
low complexity
trendnet CWE-476
7.5
7.5
2021-06-17 CVE-2021-32424 Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tw100-S4W1Ca Firmware 2.3.32
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page.
network
low complexity
trendnet CWE-352
8.8
8.8
2020-06-15 CVE-2020-14076 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
8.8
8.8
2020-06-15 CVE-2020-14081 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.
network
low complexity
trendnet CWE-78
8.8
8.8
2020-06-15 CVE-2020-14079 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
8.8
8.8
2020-06-15 CVE-2020-14078 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
8.8
8.8
2020-06-15 CVE-2020-14077 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
8.8
8.8
2020-06-15 CVE-2020-14075 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
network
low complexity
trendnet CWE-78
8.8
8.8
2020-06-15 CVE-2020-14074 Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.
network
low complexity
trendnet CWE-787
8.8
8.8
2020-03-07 CVE-2020-10216 OS Command Injection vulnerability in multiple products
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices.
network
low complexity
dlink trendnet CWE-78
8.8
8.8