Setup Wizard Bypass in TRENDnet Router
CVE-2019-13277

7.5HIGH

Key Information:

Vendor: Trendnet
Status: Tew-827dru Firmware
Vendor: CVE Published:; 9 July 2019

What is CVE-2019-13277?

The TRENDnet TEW-827DRU firmware version 2.04B03 and earlier is susceptible to a security vulnerability that allows unauthenticated users to leverage the setup wizard functionality. This can grant an attacker the ability to modify crucial configuration settings, potentially causing service disruptions and denial of service. If remote administration is enabled, these malicious requests can be executed from outside the local network, heightening the risk of unauthorized access and control.

References

https://github.com/fuzzywalls/TRENDNetExploits/tree/maste...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2019
Vulnerability Reserved
Jul 4, 2019

Trendnet

What is CVE-2019-13277?

References

CVSS V3.1

Timeline