CVE-2024-22545

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-824DRU version 1.04b01

Description An issue in the TRENDnet TEW-824DRU allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub 420AE0() function. The attack can be launched remotely. This is related to insufficient argument checking in the sub 420AE0() function, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For TRENDnet TEW-824DRU version 1.04b01, consider disabling the sub 420AE0() function or restricting access to the system.ntp.server parameter until a patch is available. Avoid using the system.ntp.server parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.