Sign-up

ID

VAR-202302-0321


CVE

CVE-2023-0638


TITLE

TRENDnet TEW-811DRU Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-22722 // CNNVD: CNNVD-202302-142

DESCRIPTION

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. TRENDnet TEW-811DRU Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TRENDnet TEW-811DRU is a wireless router produced by TRENDnet. Attackers can use this vulnerability to submit special requests and execute arbitrary commands

Trust: 2.25

sources: NVD: CVE-2023-0638 // JVNDB: JVNDB-2023-003135 // CNVD: CNVD-2023-22722 // VULMON: CVE-2023-0638

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-22722

AFFECTED PRODUCTS

vendor:trendnetmodel:tew-811druscope:eqversion:1.0.10.0

Trust: 1.6

vendor:trendnetmodel:tew-811druscope:eqversion: -

Trust: 0.8

vendor:trendnetmodel:tew-811druscope:eqversion:tew-811dru firmware 1.0.10.0

Trust: 0.8

sources: CNVD: CNVD-2023-22722 // JVNDB: JVNDB-2023-003135 // NVD: CVE-2023-0638

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2023-0638
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-0638
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2023-003135
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2023-22722
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202302-142
value: CRITICAL

Trust: 0.6

cna@vuldb.com: CVE-2023-0638
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2023-003135
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2023-22722
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2023-0638
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2023-0638
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2023-003135
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-22722 // JVNDB: JVNDB-2023-003135 // CNNVD: CNNVD-202302-142 // NVD: CVE-2023-0638 // NVD: CVE-2023-0638

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003135 // NVD: CVE-2023-0638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-142

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202302-142

PATCH

title:Top Pageurl:https://www.trendnet.com/home

Trust: 0.8

title:Patch for TRENDnet TEW-811DRU Command Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/416791

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2023-0638

Trust: 0.1

sources: CNVD: CNVD-2023-22722 // VULMON: CVE-2023-0638 // JVNDB: JVNDB-2023-003135

EXTERNAL IDS

db:NVDid:CVE-2023-0638

Trust: 3.9

db:VULDBid:220018

Trust: 1.7

db:JVNDBid:JVNDB-2023-003135

Trust: 0.8

db:CNVDid:CNVD-2023-22722

Trust: 0.6

db:CNNVDid:CNNVD-202302-142

Trust: 0.6

db:VULMONid:CVE-2023-0638

Trust: 0.1

sources: CNVD: CNVD-2023-22722 // VULMON: CVE-2023-0638 // JVNDB: JVNDB-2023-003135 // CNNVD: CNNVD-202302-142 // NVD: CVE-2023-0638

REFERENCES

url:https://vuldb.com/?id.220018

Trust: 1.7

url:https://vuldb.com/?ctiid.220018

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-0638

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2023-0638/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2023-0638

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-22722 // VULMON: CVE-2023-0638 // JVNDB: JVNDB-2023-003135 // CNNVD: CNNVD-202302-142 // NVD: CVE-2023-0638

SOURCES

db:CNVDid:CNVD-2023-22722
db:VULMONid:CVE-2023-0638
db:JVNDBid:JVNDB-2023-003135
db:CNNVDid:CNNVD-202302-142
db:NVDid:CVE-2023-0638

LAST UPDATE DATE

2024-08-14T15:11:02.739000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-22722date:2023-03-31T00:00:00
db:VULMONid:CVE-2023-0638date:2023-02-02T00:00:00
db:JVNDBid:JVNDB-2023-003135date:2023-09-01T02:38:00
db:CNNVDid:CNNVD-202302-142date:2023-02-13T00:00:00
db:NVDid:CVE-2023-0638date:2024-05-17T02:17:27.163

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-22722date:2023-03-31T00:00:00
db:VULMONid:CVE-2023-0638date:2023-02-02T00:00:00
db:JVNDBid:JVNDB-2023-003135date:2023-09-01T00:00:00
db:CNNVDid:CNNVD-202302-142date:2023-02-02T00:00:00
db:NVDid:CVE-2023-0638date:2023-02-02T09:15:08.693