PT-2018-14887 · Trendnet · Trendnet Tv-Ip110Wn+1
Hamed Okhravi
+3
·
Published
2018-12-20
·
Updated
2019-01-14
·
CVE-2018-19240
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68
TRENDnet TV-IP110WN version 1.2.2.65
TRENDnet TV-IP121WN version 1.2.2 build 28
Description
The issue allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication. This is due to a buffer overflow in the network.cgi.
Recommendations
For TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68, consider restricting access to the network.cgi until a patch is available.
For TRENDnet TV-IP110WN version 1.2.2.65, consider restricting access to the network.cgi until a patch is available.
For TRENDnet TV-IP121WN version 1.2.2 build 28, consider restricting access to the network.cgi until a patch is available.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendnet Tv-Ip110Wn
Trendnet Tv-Ip121Wn