Sign-up

ID

VAR-202408-1643


CVE

CVE-2024-42813


TITLE

TRENDnet  of  TEW-752DRU  Classic buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-021274

DESCRIPTION

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. TRENDnet of TEW-752DRU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-42813 // JVNDB: JVNDB-2024-021274

AFFECTED PRODUCTS

vendor:trendnetmodel:tew-752druscope:eqversion:1.03b01

Trust: 1.0

vendor:trendnetmodel:tew-752druscope:eqversion: -

Trust: 0.8

vendor:trendnetmodel:tew-752druscope:eqversion:tew-752dru firmware 1.03b01

Trust: 0.8

vendor:trendnetmodel:tew-752druscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-021274 // NVD: CVE-2024-42813

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42813
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-021274
value: CRITICAL

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-42813
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-021274
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-021274 // NVD: CVE-2024-42813

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-021274 // NVD: CVE-2024-42813

EXTERNAL IDS

db:NVDid:CVE-2024-42813

Trust: 2.6

db:JVNDBid:JVNDB-2024-021274

Trust: 0.8

sources: JVNDB: JVNDB-2024-021274 // NVD: CVE-2024-42813

REFERENCES

url:https://gist.github.com/xiaocurry/204680035c1efffa27d14956820ad928

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-42813

Trust: 0.8

sources: JVNDB: JVNDB-2024-021274 // NVD: CVE-2024-42813

SOURCES

db:JVNDBid:JVNDB-2024-021274
db:NVDid:CVE-2024-42813

LAST UPDATE DATE

2025-04-03T22:40:08.654000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-021274date:2025-04-02T07:58:00
db:NVDid:CVE-2024-42813date:2025-04-01T18:20:43.097

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-021274date:2025-04-02T00:00:00
db:NVDid:CVE-2024-42813date:2024-08-19T20:15:07.147