CVE-2020-14080

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU versions through 2.06B04

Description The issue concerns a stack-based buffer overflow in the ssi binary, allowing an unauthenticated user to execute arbitrary code. This can be achieved by sending a POST request to the "apply sec.cgi" endpoint with the action set to "ping test" and including a sufficiently long value for the ping ipaddr key.

Recommendations For TRENDnet TEW-827DRU versions through 2.06B04, as a temporary workaround, consider restricting access to the "apply sec.cgi" endpoint to minimize the risk of exploitation. Avoid using the ping ipaddr key in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.