CVE-2013-3365

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-812DRU router (affected versions not specified)

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in various parameters, including wan network prefix, remote port, pptp username, pptp password, ip, gateway, l2tp username, l2tp password, NtpDstStart, NtpDstEnd, NtpDstOffset, and device url in different API endpoints such as "/ipv6.asp", "/management.asp", and "/wan.asp". Additionally, unauthenticated remote attackers can exploit certain parameters by leveraging a related issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.