Filtered by vendor Trendnet
Subscriptions
Total
149 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46588 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | 9.8 Critical |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | ||||
| CVE-2022-46586 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | 9.8 Critical |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function. | ||||
| CVE-2022-46585 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | 9.8 Critical |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the REMOTE_USER parameter in the get_access (sub_45AC2C) function. | ||||
| CVE-2013-3098 | 1 Trendnet | 2 Tew-812dru, Tew-812dru Firmware | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-4876 | 1 Trendnet | 2 Securview Wireless Internet Camera, Securview Wireless Internet Camera Activex Control | 2025-04-11 | N/A |
| Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. | ||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2025-04-11 | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | ||||
| CVE-2023-51146 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2025-04-08 | 8.0 High |
| Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action. | ||||
| CVE-2015-1187 | 2 Dlink, Trendnet | 30 Dir-626l, Dir-626l Firmware, Dir-636l and 27 more | 2025-04-03 | 9.8 Critical |
| The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | ||||
| CVE-2023-24098 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-02 | 8.8 High |
| TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-24097 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-02 | 8.8 High |
| TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formPasswordAuth. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-24096 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-02 | 8.8 High |
| TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-36728 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 8.1 High |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key. | ||||
| CVE-2024-36729 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 6.3 Medium |
| TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key. | ||||
| CVE-2024-50667 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-01 | 9.8 Critical |
| The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks. | ||||
| CVE-2024-51190 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2025-04-01 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. | ||||
| CVE-2024-51189 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2025-04-01 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. | ||||
| CVE-2024-51188 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2025-04-01 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. | ||||
| CVE-2024-51187 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2025-04-01 | 4.8 Medium |
| TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. | ||||
| CVE-2024-42813 | 1 Trendnet | 2 Tew-752dru, Tew-752dru Firmware | 2025-04-01 | 9.8 Critical |
| In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
| CVE-2024-28353 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2025-04-01 | 8.8 High |
| There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges. | ||||