Vulnerabilities > Trendnet > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-13151 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13150 Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-77
8.8
8.8
2019-07-02 CVE-2019-13149 OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-78
8.8
8.8
2019-07-02 CVE-2019-13148 Command Injection vulnerability in Trendnet Tew-827Dru Firmware 1.04B01/2.04/2.04B03
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11.
network
low complexity
trendnet CWE-77
8.8
8.8
2018-12-20 CVE-2018-19242 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tew-632Brp Firmware and Tew-673Gru Firmware
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
network
low complexity
trendnet CWE-119
8.8
8.8
2018-12-20 CVE-2018-19241 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendnet Tv-Ip110Wn Firmware and Tv-Ip121Wn Firmware
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
network
low complexity
trendnet CWE-119
7.5
7.5
2018-12-20 CVE-2018-19239 OS Command Injection vulnerability in Trendnet Tew-673Gru Firmware 1.00B40
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
network
low complexity
trendnet CWE-78
7.2
7.2
2018-02-14 CVE-2018-7034 Improper Authentication vulnerability in Trendnet products
TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.
network
low complexity
trendnet CWE-287
7.5
7.5
2017-04-10 CVE-2015-2880 Improper Authentication vulnerability in Trendnet Tv-Ip743Sic
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
network
low complexity
trendnet CWE-287
8.8
8.8