kuc822

8 exploits Active since Jun 2020
CVE-2020-14076 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU < 2.06b04 - Authenticated Stack-Based Buffer Overflow via wan_type Parameter
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.
CVSS 8.8
CVE-2020-14079 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU < 2.06b04 Authenticated Stack Overflow via apply.cgi
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.
CVSS 8.8
CVE-2020-14075 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU Firmware < 2.06b04 - Authenticated OS Command Injection via apply.cgi
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.
CVSS 8.8
CVE-2020-14078 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU < 2.06b04 - Authenticated Stack-Based Buffer Overflow via wifi_captive_portal_login REMOTE_ADDR
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.
CVSS 8.8
CVE-2020-14079 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU < 2.06b04 Authenticated Stack Overflow via apply.cgi
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.
CVSS 8.8
CVE-2020-14080 WRITEUP CRITICAL WRITEUP
TRENDnet TEW-827DRU Firmware < 2.06b04 - Unauthenticated Stack-Based Buffer Overflow via Ping Test
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.
CVSS 9.8
CVE-2020-14074 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU Firmware < 2.06b04 - Authenticated Stack-Based Buffer Overflow via kick_ban_wifi_mac_allow Parameter
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.
CVSS 8.8
CVE-2020-14077 WRITEUP HIGH WRITEUP
TRENDnet TEW-827DRU < 2.06b04 - Authenticated Stack-Based Buffer Overflow via WPS PIN Parameter
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.
CVSS 8.8