CVE-2024-36728

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU versions 2.06B04 and earlier

Description The issue is a stack-based buffer overflow in the ssi binary, allowing an authenticated user to execute arbitrary code. This can be achieved by sending a POST request to the "apply.cgi" endpoint via the action "vlan setting" with a sufficiently long dns1 or dns2 key.

Recommendations For TRENDnet TEW-827DRU versions 2.06B04 and earlier, consider disabling access to the "apply.cgi" endpoint or restricting the length of the dns1 and dns2 keys to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the vulnerable ssi binary to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.