Command Execution Vulnerability in TRENDnet TEW-812DRU Router
CVE-2013-3365

Currently unrated

Key Information:

Vendor: Trendnet
Status: Tew-812dru
Vendor: CVE Published:; 4 February 2014

What is CVE-2013-3365?

The TRENDnet TEW-812DRU router is vulnerable to command execution due to improper handling of user input in various parameters. Remote authenticated users can exploit this vulnerability by injecting shell metacharacters through specific fields such as WAN network prefixes, remote port settings, and various protocol usernames and passwords. Additionally, parameters related to NTP configurations can be targeted, allowing for potential exploitation by unauthenticated remote attackers when combined with other vulnerabilities.

References

http://securityevaluators.com/content/case-studies/router...

x_refsource_MISC

http://infosec42.blogspot.com/2013/07/exploit-trendnet-te...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 4, 2014
Vulnerability Reserved
May 6, 2013

Trendnet

What is CVE-2013-3365?

References

EPSS Score

Timeline