PT-2019-12284 · Trendnet · Tew-652Bru+2
Publicado
2019-12-18
·
Atualizado
2019-12-23
·
CVE-2019-11399
CVSS v3.1
10
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TRENDnet TEW-651BR version 2.04B1
TRENDnet TEW-652BRP version 3.04b01
TRENDnet TEW-652BRU version 1.00b12
Description
An issue was discovered that allows OS command injection through the "get set.ccp" API endpoint, specifically the
lanHostCfg HostName 1.1.1.0.0 parameter.Recommendations
For TRENDnet TEW-651BR version 2.04B1, avoid using the
lanHostCfg HostName 1.1.1.0.0 parameter in the "get set.ccp" API endpoint until the issue is resolved.
For TRENDnet TEW-652BRP version 3.04b01, avoid using the lanHostCfg HostName 1.1.1.0.0 parameter in the "get set.ccp" API endpoint until the issue is resolved.
For TRENDnet TEW-652BRU version 1.00b12, avoid using the lanHostCfg HostName 1.1.1.0.0 parameter in the "get set.ccp" API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tew-651Br
Tew-652Brp
Tew-652Bru