CVE-2024-36729

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-827DRU versions 2.06B04 and earlier

Description The issue is a stack-based buffer overflow in the ssi binary, allowing an authenticated user to execute arbitrary code. This can be achieved by sending a POST request to "apply.cgi" via the action "wizard ipv6" with a sufficiently long reboot type key.

Recommendations For TRENDnet TEW-827DRU versions 2.06B04 and earlier, as a temporary workaround, consider restricting access to the "apply.cgi" endpoint to minimize the risk of exploitation. Avoid using the reboot type key in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.