CVE-2020-14078

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU versions through 2.06B04

Description The issue is a stack-based buffer overflow in the ssi binary, allowing an authenticated user to execute arbitrary code. This can be achieved by sending a POST request to the "apply.cgi" endpoint with the action set to "wifi captive portal login" and including a sufficiently long REMOTE ADDR key.

Recommendations For TRENDnet TEW-827DRU versions through 2.06B04, consider restricting access to the "apply.cgi" endpoint to prevent exploitation until a patch is available. As a temporary workaround, avoid using the REMOTE ADDR key in the "wifi captive portal login" action to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.