Zephyr369

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 version 4.10 **Description** A flaw exists within the Web Configuration Interface of the D-Link DIR-615, specifically in the `adv routing.php` file. Manipulation of the `dest ip`, `submask`, and `gw` arguments can lead to os command injection. This issue is remotely exploitable. The exploit has been publicly released. This vulnerability impacts products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 version 4.10 **Description** A flaw exists in the DMZ Host Feature of the D-Link DIR-615. Specifically, the issue resides within the `adv firewall.php` file. Manipulation of the `dmz ipaddr` argument can lead to operating system command injection. This allows for remote attacks. The exploit has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 version 4.10 **Description** A flaw exists in the MAC Filter Configuration component of the D-Link DIR-615. Specifically, manipulation of the `mac` argument in the `/adv mac filter.php` file can lead to os command injection. This allows for remote execution of commands. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 versions up to 4.10 **Description** A flaw exists in the Web Management Interface component of D-Link DIR-615. Specifically, a manipulation of the `ipaddr` argument in the /wiz policy 3 machine.php file can lead to os command injection. This allows for remote attacks. The exploit is publicly available. This issue affects products that are no longer supported by the maintainer. **Recommendations** Versions prior to 4.10 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 version 4.10 **Description** A flaw exists in the URL Filter component of D-Link DIR-615 version 4.10, specifically in the processing of the `/set temp nodes.php` file. This allows for os command injection, which can be triggered remotely. The exploit for this issue has been publicly released. This vulnerability impacts products that are no longer supported by the maintainer. The vulnerable file is `/set temp nodes.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-713RE version 1.02 **Description** A flaw exists in TRENDnet TEW-713RE that allows for remote operating system command injection. The issue is located in the `/goformX/formFSrvX` file, specifically through manipulation of the `SZCMD` parameter. Successful exploitation allows attackers to execute arbitrary commands on the system. The exploit is publicly available. The vendor was notified of the issue but did not provide a response. **Recommendations** TRENDnet TEW-713RE version 1.02: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-811DRU version 1.0.2.0 **Description** A flaw exists in TRENDnet TEW-811DRU version 1.0.2.0 related to the `setDeviceURL` function within the `uapply.cgi` file of the `httpd` component. Manipulation of the `DeviceURL` argument can lead to operating system command injection. This issue is remotely exploitable. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-822DRE versions 1.00B21 and 1.01B06 **Description** A flaw exists in TRENDnet TEW-822DRE routers that allows for remote command injection. The issue is related to the manipulation of the `peerPin` argument within the `sub 43ACF4` function of the `/boafrm/formWsc` file. Successful exploitation allows for remote execution of commands. The exploit details have been publicly disclosed. **Recommendations** Update TRENDnet TEW-822DRE version 1.00B21 to a newer, fixed version. Update TRENDnet TEW-822DRE version 1.01B06 to a newer, fixed version.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-800MB version 1.0.1.0 **Description** A security issue has been identified in TRENDnet TEW-800MB version 1.0.1.0. The issue resides in the Management Interface component, specifically within the `do setWizard asp` function located in the `/goform/wizardset` file. Manipulation of the `WizardConfigured` argument can lead to command injection. This attack can be initiated remotely. The exploit for this issue has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** TRENDnet TEW-800MB version 1.0.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-800MB version 1.0.1.0 **Description** A command injection issue exists in the TRENDnet TEW-800MB. The issue is located in the `NTPSyncWithHost.cgi` file, specifically within the `sub F934` function. Successful exploitation allows for remote command execution. The exploit is publicly available, and the vendor was notified but did not respond. **Recommendations** TRENDnet TEW-800MB version 1.0.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.