CVE-2019-13278

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU versions up to and including 2.04B03

Description The issue concerns command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. This can be exploited on the local intranet or remotely if remote administration is enabled.

Recommendations For TRENDnet TEW-827DRU versions up to and including 2.04B03, consider disabling remote administration until a patch is available to prevent remote exploitation. As a temporary workaround, restrict access to the setup wizard to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.