PT-2024-27694 · Trendnet · Trendnet Tew-814Dap

Published

2024-06-14

Updated

2024-07-03

CVE-2024-37641

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-814DAP version 1 (FW1.01B01)

Description A stack overflow issue was discovered, which can be triggered via the submit-url parameter at the "/formNewSchedule" API endpoint.

Recommendations For TRENDnet TEW-814DAP version 1 (FW1.01B01), avoid using the submit-url parameter in the "/formNewSchedule" API endpoint until a fix is available. As a temporary workaround, consider restricting access to the "/formNewSchedule" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-77

Related Identifiers

BDU:2026-02113

CVE-2024-37641

Affected Products

Trendnet Tew-814Dap

PT-2024-27694 · Trendnet · Trendnet Tew-814Dap

CVE-2024-37641

Weakness Enumeration

Related Identifiers

Affected Products

References · 5