PT-2019-13234 · Trendnet · Trendnet Tew-827Dru

Published 2019-07-09 · Updated 2020-08-24 · CVE-2019-13280

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TRENDnet TEW-827DRU versions up to and including 2.04B03

Description

The issue is a stack-based buffer overflow that occurs when the device returns an error message about failing to resolve a hostname during a ping or traceroute attempt. It allows an authenticated user to execute arbitrary code. The flaw can be exploited either from the local intranet or remotely if remote administration is enabled.

Recommendations

Update TRENDnet TEW-827DRU firmware to a version later than 2.04B03 to resolve the issue. As a temporary workaround, consider disabling remote administration to minimize the risk of remote exploitation.

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2019-13280

Affected Products

Trendnet Tew-827Dru