Undocumented TELNET Service Vulnerability in TRENDnet Routers
CVE-2013-3366

8.8HIGH

Key Information:

Vendor

Trendnet

Status
Tew-812dru Firmware
Vendor
CVE Published:
13 November 2019

What is CVE-2013-3366?

The TRENDnet TEW-812DRU router contains an undocumented TELNET service that can be exploited through a web page parameter containing a specific password. This unauthorized access point poses significant security risks, allowing malicious actors to gain control of the device and potentially launch further attacks on the network. Users should ensure that the firmware is updated and sensitive features are secured to mitigate potential exploitations via this overlooked service.

References

https://www.ise.io/casestudies/exploiting-soho-routers/
x_refsource_MISC
https://www.ise.io/soho_service_hacks/
x_refsource_MISC
https://www.ise.io/wp-content/uploads/2017/07/soho_techre...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.