ID
VAR-202403-2291
CVE
CVE-2024-28353
TITLE
TRENDnet of TEW-827DRU Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges. TRENDnet of TEW-827DRU Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | trendnet | model: | tew-827dru | scope: | eq | version: | 2.10b01 | Trust: 1.0 |
| vendor: | trendnet | model: | tew-827dru | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | trendnet | model: | tew-827dru | scope: | - | version: | - | Trust: 0.8 |
| vendor: | trendnet | model: | tew-827dru | scope: | eq | version: | tew-827dru firmware 2.10b01 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-28353 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2024-021286 | Trust: 0.8 |
REFERENCES
| url: | https://warp-desk-89d.notion.site/tew-827dru-5c40fb20572148f0b00f329d69273791 | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-28353 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2024-021286 |
| db: | NVD | id: | CVE-2024-28353 |
LAST UPDATE DATE
2025-04-05T01:47:53.572000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-021286 | date: | 2025-04-02T08:15:00 |
| db: | NVD | id: | CVE-2024-28353 | date: | 2025-04-01T16:15:01.273 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-021286 | date: | 2025-04-02T00:00:00 |
| db: | NVD | id: | CVE-2024-28353 | date: | 2024-03-15T08:15:06.393 |