CVE-2020-14081

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU versions through 2.06B04

Description The issue concerns command injections in the apply.cgi endpoint via the action send log email with the keys auth acname or auth passwd, allowing an authenticated user to run arbitrary commands on the device.

Recommendations For TRENDnet TEW-827DRU versions through 2.06B04, consider disabling access to the apply.cgi endpoint, specifically the action send log email, until a patch is available. Restrict the use of the auth acname and auth passwd keys to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.