Pjq_Buoy

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow can be triggered remotely via the `webpage` argument in the `formSetPassword()` function located in the '/goform/formSetPassword' endpoint. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow occurs due to the manipulation of the `enrollee` argument within the `formWlanSetup()` function located in the `/goform/formWlanSetup` file. This issue allows a remote attacker to initiate an attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow exists in the `formPortFw()` function within the `/goform/formPortFw` file. This issue is triggered by the manipulation of the `server name` argument, allowing a remote attacker to send excessively long or malformed strings. This can lead to arbitrary code execution or a denial of service. The attack can be launched remotely without authentication. **Recommendations** For version 3.10B20, replace the device or isolate it from untrusted networks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow can be initiated remotely via the `formSysLog()` function located in the `/goform/formSysLog` file. This issue occurs due to the improper manipulation of the `current page` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow occurs in the `formSetEnableWizard()` function within the `/goform/formSetEnableWizard` file. This issue is triggered by the manipulation of the `start wizard` argument and can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow occurs when manipulating the `status statistic` argument within the `formResetStatistic()` function located in the '/goform/formResetStatistic' endpoint. This issue allows for remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow exists in the `formSetWlanEncrypt()` function within the file `/goform/formSetWlanEncrypt`. This issue occurs when the `webpage` argument is manipulated, allowing a remote attacker to initiate the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** Command injection is possible in the `formSysCmd()` function located in the `/goform/formSysCmd` file. A remote attacker can exploit this by manipulating the `sysCmd` argument to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** A stack-based buffer overflow can be triggered remotely by manipulating the `submit-url` argument within the `formSysCmd()` function located in the `/goform/formSysCmd` file. A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-432BRP version 3.10B20 **Description** Remote command injection is possible through the manipulation of the `enrollee` argument within the `formWlanSetup()` function located in the `/goform/formWlanSetup` file. This allows an attacker to execute arbitrary commands on the device remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.