Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0918

A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published

2024-01-26T09:15:07.707

Last Modified

2024-11-21T08:47:44.287

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: MULTIPLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	trendnet	tew-800mb_firmware	1.0.1.0	Yes
Hardware	trendnet	tew-800mb	-	No

References

https://vuldb.com/?ctiid.252122 Permissions Required, Third Party Advisory ([email protected])
https://vuldb.com/?id.252122 Third Party Advisory ([email protected])
https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4 Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.252122 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.252122 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)