CVE-2018-19241

Name of the Vulnerable Software and Affected Versions TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68 TRENDnet TV-IP110WN version 1.2.2.65 TRENDnet TV-IP121WN version 1.2.2 build 28

Description The issue allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload without authentication. This is due to a buffer overflow in the video.cgi component.

Recommendations For TRENDnet TV-IP110WN versions 1.2.2 build 64 through 1.2.2 build 68, consider restricting access to the video.cgi component until a patch is available. For TRENDnet TV-IP110WN version 1.2.2.65, consider restricting access to the video.cgi component until a patch is available. For TRENDnet TV-IP121WN version 1.2.2 build 28, consider restricting access to the video.cgi component until a patch is available. As a temporary workaround, avoid using the video.cgi component in the affected devices until the issue is resolved.