TRENDnet TEW-811DRU Web Interface command injection
CVE-2023-0638

9.8CRITICAL

Key Information:

Vendor: TRENDnet
Status: TEW-811DRU
Vendor: CVE Published:; 2 February 2023

What is CVE-2023-0638?

A command injection vulnerability has been identified in the web interface component of the TRENDnet TEW-811DRU. This issue allows an attacker to execute arbitrary commands on the device from a remote location, posing significant security risks. The affected version is 1.0.10.0, and exploits have been publicly disclosed, emphasizing the urgent need for users to address this vulnerability to protect their networks.

Affected Version(s)

TEW-811DRU 1.0.10.0

References

https://vuldb.com/?id.220018

vdb-entrytechnical-descriptionexploit

https://vuldb.com/?ctiid.220018

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2023
Vulnerability Reserved
Feb 2, 2023

Credit

leetsun (VulDB User)