PT-2024-30174 · Trendnet · Trendnet Tew-752Dru

Chen Xiao +1 · Published 2024-08-19 · Updated 2024-08-23 · CVE-2024-42813

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TRENDnet TEW-752DRU version 1.03B01

Description

The issue is due to a lack of length verification for the service field in gena.cgi, leading to a buffer overflow. This can cause the remote target device to crash or allow attackers to execute arbitrary commands. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For TRENDnet TEW-752DRU version 1.03B01, as a temporary workaround, consider disabling access to the gena.cgi endpoint until a patch is available. Restrict the use of the service parameter in the gena.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-42813

Affected Products

Trendnet Tew-752Dru