PT-2019-12284 · Trendnet · Tew-652Bru+2
Published
2019-12-18
·
Updated
2019-12-23
·
CVE-2019-11399
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TRENDnet TEW-651BR version 2.04B1
TRENDnet TEW-652BRP version 3.04b01
TRENDnet TEW-652BRU version 1.00b12
Description
An issue was discovered that allows OS command injection through the "get set.ccp" API endpoint, specifically the
lanHostCfg HostName 1.1.1.0.0 parameter.Recommendations
For TRENDnet TEW-651BR version 2.04B1, avoid using the
lanHostCfg HostName 1.1.1.0.0 parameter in the "get set.ccp" API endpoint until the issue is resolved.
For TRENDnet TEW-652BRP version 3.04b01, avoid using the lanHostCfg HostName 1.1.1.0.0 parameter in the "get set.ccp" API endpoint until the issue is resolved.
For TRENDnet TEW-652BRU version 1.00b12, avoid using the lanHostCfg HostName 1.1.1.0.0 parameter in the "get set.ccp" API endpoint until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tew-651Br
Tew-652Brp
Tew-652Bru