PT-2019-12302 · Trendnet · Trendnet Tv-Ip110Wn

Published

2019-04-21

Updated

2021-07-21

CVE-2019-11417

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TRENDnet TV-IP110WN camera version 1.2.2 build 28, 64, 65, and 68

Description The system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow issue due to an inadequate source-length check before a strcpy operation in the respondAsp function. This can be exploited by attackers using the languse parameter with a long string.

Recommendations For version 1.2.2 build 28, avoid using the languse parameter with long strings until a fix is available. For version 1.2.2 build 64, restrict access to the system.cgi to minimize the risk of exploitation. For version 1.2.2 build 65, consider disabling the respondAsp function as a temporary workaround. For version 1.2.2 build 68, limit the input length for the languse parameter to prevent buffer overflow.

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-787

Related Identifiers

CVE-2019-11417

Affected Products

Trendnet Tv-Ip110Wn

PT-2019-12302 · Trendnet · Trendnet Tv-Ip110Wn

CVE-2019-11417

Weakness Enumeration

Related Identifiers

Affected Products

References · 3