Remote Code Execution Vulnerability in TRENDnet Network Camera
CVE-2023-49235

9.8CRITICAL

Key Information:

Vendor: TRENDnet
Status: Tv-ip1314pi Firmware
Vendor: CVE Published:; 9 January 2024

What is CVE-2023-49235?

A vulnerability has been identified in the TRENDnet TV-IP1314PI device, specifically within the libremote_dbg.so library. The flaw arises from improper handling of debug information during the execution of the popen function. This oversight allows attackers to circumvent validation mechanisms, enabling them to execute arbitrary shell commands on the device. Such exploitation poses a significant security risk, as it could lead to unauthorized access and control over the affected device. Users should review the details and implement necessary security measures to mitigate potential threats.

References

https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoP...

https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vu...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Nov 24, 2023