CVE-2024-28353

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU router version 2.10B01

Description There is a command injection issue in the apply.cgi interface, allowing an attacker to inject commands into the post request parameters usapps.config.smb admin name, thereby gaining root shell privileges. This can enable a remote attacker to elevate their privileges to the root user level by modifying the request parameters. Over 500 services are potentially affected.

Recommendations For version 2.10B01, as a temporary workaround, consider restricting access to the apply.cgi interface and avoid using the usapps.config.smb admin name parameter in post requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.