Hamed Okhravi

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-673GRU version 1.00b40 **Description** The issue allows remote attackers to execute arbitrary commands on the device. This is achieved by exploiting an OS command injection vulnerability in the start arpping function of the timer binary. The vulnerability can be triggered by passing malicious input to the `dhcpd start`, `dhcpd end`, and `lan ipaddr` parameters in a POST request to the "apply.cgi" binary. **Recommendations** For TRENDnet TEW-673GRU version 1.00b40, as a temporary workaround, consider restricting access to the apply.cgi binary to minimize the risk of exploitation. Avoid using the parameters `dhcpd start`, `dhcpd end`, and `lan ipaddr` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68 TRENDnet TV-IP110WN version 1.2.2.65 TRENDnet TV-IP121WN version 1.2.2 build 28 **Description** The issue allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication. This is due to a buffer overflow in the network.cgi. **Recommendations** For TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68, consider restricting access to the network.cgi until a patch is available. For TRENDnet TV-IP110WN version 1.2.2.65, consider restricting access to the network.cgi until a patch is available. For TRENDnet TV-IP121WN version 1.2.2 build 28, consider restricting access to the network.cgi until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68 TRENDnet TV-IP110WN version 1.2.2.65 TRENDnet TV-IP121WN version 1.2.2 build 28 **Description** The issue allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication. This is due to a buffer overflow in the video.cgi component. **Recommendations** For TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68, consider restricting access to the video.cgi component until a patch is available. For TRENDnet TV-IP110WN version 1.2.2.65, consider restricting access to the video.cgi component until a patch is available. For TRENDnet TV-IP121WN version 1.2.2 build 28, consider restricting access to the video.cgi component until a patch is available. As a temporary workaround, avoid using the video.cgi component in the affected devices until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-632BRP version 1.010B32 TRENDnet TEW-673GRU (affected versions not specified) **Description** The issue is related to a buffer overflow in the apply.cgi file, which can be exploited by crafting a POST request payload with authentication. This allows attackers to hijack the control flow to any location specified by the attacker. **Recommendations** For TRENDnet TEW-632BRP version 1.010B32, consider restricting access to the apply.cgi file until a patch is available. For TRENDnet TEW-673GRU, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ONOS versions prior to 1.14 **Description** A time-of-check to time-of-use (TOCTOU) race condition exists in the access control application of ONOS, allowing attackers to bypass network access control. This can be achieved via data plane packet injection. **Recommendations** For versions prior to 1.14, update to version 1.14 or later to resolve the issue.