Stack-based Buffer Overflow in TRENDnet TEW-827DRU Router
CVE-2020-14076

8.8HIGH

Key Information:

Vendor

Trendnet

Status
Tew-827dru Firmware
Vendor
CVE Published:
15 June 2020

What is CVE-2020-14076?

TRENDnet TEW-827DRU devices prior to version 2.06B04 are vulnerable to a stack-based buffer overflow due to improper handling of input within the ssi binary. An authenticated user can exploit this vulnerability by POSTing a maliciously crafted request to apply.cgi with the actions st_dev_connect, st_dev_disconnect, or st_dev_rconnect. This can lead to arbitrary code execution, potentially allowing the attacker to gain unauthorized control over the device. Ensure that you are using the latest firmware to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/kuc001/IoTFirmware/blob/master/Trendne...
x_refsource_MISC
https://github.com/kuc001/IoTFirmware/blob/master/Trendne...
x_refsource_MISC
https://github.com/kuc001/IoTFirmware/blob/master/Trendne...
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.