CVE-2022-47065

Name of the Vulnerable Software and Affected Versions TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01

Description The issue is related to a stack overflow via the submit-url parameter at the "/formNewSchedule" API endpoint. This allows attackers to execute arbitrary code via a crafted payload. It is noted that this issue only affects products that are no longer supported by the maintainer.

Recommendations For TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01, as a temporary workaround, consider disabling access to the "/formNewSchedule" API endpoint until a patch is available. Avoid using the submit-url parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.