ID
VAR-202212-2401
CVE
CVE-2022-46601
TITLE
TRENDnet TEW755AP Out-of-bounds write vulnerability in
Trust: 0.8
DESCRIPTION
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function. TRENDnet TEW755AP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TEW-755AP is a router produced by TRENDnet. The vulnerability originates from the fact that the setbg_num parameter in the icp_setbg_img (sub_41DD68) function does not check the size of the input data. Attackers can use this vulnerability to execute arbitrary code on the system
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | trendnet | model: | tew-755ap | scope: | eq | version: | 1.13b01 | Trust: 1.0 |
| vendor: | trendnet | model: | tew-755ap | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | trendnet | model: | tew-755ap | scope: | eq | version: | tew-755ap firmware 1.13b01 | Trust: 0.8 |
| vendor: | trendnet | model: | tew-755ap 1.13b01 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.0 |
| problemtype: | Out-of-bounds writing (CWE-787) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
PATCH
| title: | Top Page | url: | https://www.trendnet.com/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-46601 | Trust: 3.9 |
| db: | JVNDB | id: | JVNDB-2022-003839 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2023-18950 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202212-4157 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-46601 | Trust: 0.1 |
REFERENCES
| url: | https://brief-nymphea-813.notion.site/vul7-tew755-bof-icp_setbg_img-455dda602d934577a16fbed88251ab26 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-46601 | Trust: 1.4 |
| url: | https://cxsecurity.com/cveshow/cve-2022-46601/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2023-18950 |
| db: | VULMON | id: | CVE-2022-46601 |
| db: | JVNDB | id: | JVNDB-2022-003839 |
| db: | CNNVD | id: | CNNVD-202212-4157 |
| db: | NVD | id: | CVE-2022-46601 |
LAST UPDATE DATE
2025-04-11T23:00:56.666000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2023-18950 | date: | 2023-03-22T00:00:00 |
| db: | VULMON | id: | CVE-2022-46601 | date: | 2022-12-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-003839 | date: | 2023-03-09T07:26:00 |
| db: | CNNVD | id: | CNNVD-202212-4157 | date: | 2023-01-06T00:00:00 |
| db: | NVD | id: | CVE-2022-46601 | date: | 2025-04-11T15:15:41.937 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2023-18950 | date: | 2023-03-24T00:00:00 |
| db: | VULMON | id: | CVE-2022-46601 | date: | 2022-12-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-003839 | date: | 2023-03-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-202212-4157 | date: | 2022-12-30T00:00:00 |
| db: | NVD | id: | CVE-2022-46601 | date: | 2022-12-30T21:15:10.997 |