Vulnerabilities for Tew-812dru (...) - CXSECURITY.COM

Vulnerabilities for 'Tew-812dru'

2014-02-04

CVE-2013-3365

CWE-78

TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.

CVE-2013-3098

CWE-352

Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information.

>>> Vendor: Trendnet 22 Products

Securview wireless internet camera activex control

Securview wireless internet camera

Tew-812dru firmware

Tew-813dru firmware

Tew-652br firmware

Tew-711br firmware

Tew-731br firmware

Tew-651br firmware

Tew-810dr firmware

Tew-823dru firmware

Tew-751dr firmware

Tew-752dru firmware

Tew733gr firmware

Tew-673gru firmware

Tv-ip110wn firmware

Tv-ip121wn firmware

Tew-632brp firmware

Tew-827dru firmware

Copyright 2024, cxsecurity.com