CVE-2024-57590

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-632BRP version 1.010B31

Description The issue is related to an OS command injection vulnerability in the CGl interface "ntp sync.cgi". This vulnerability allows remote attackers to execute arbitrary commands via the ntp server parameter passed to the "ntp sync.cgi" binary through a POST request to the "/ntp sync.cgi" endpoint.

Recommendations For TRENDnet TEW-632BRP version 1.010B31, consider disabling the "ntp sync.cgi" interface until a patch is available to prevent exploitation of the ntp server parameter. Restrict access to the "ntp sync.cgi" binary to minimize the risk of arbitrary command execution. Avoid using the ntp server parameter in the affected API endpoint until the issue is resolved.