Description
TRENDnet TEW-815DAP 1.0.2.0 is vulnerable to Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c
Broken Link, Vendor Advisory
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-815DAP
Scores
CVSS v3
6.4
EPSS
0.0021
EPSS Percentile
43.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
trendnet/tew-815dap_firmware
1.0.2.0
Published
Apr 30, 2024
Tracked Since
Feb 18, 2026