Command Injection Vulnerability in TRENDnet TEW-411BRPplus Router
CVE-2023-51833

8.1HIGH

Key Information:

Vendor: Trendnet
Status: Tew-411brpplus Firmware
Vendor: CVE Published:; 25 January 2024

What is CVE-2023-51833?

A command injection vulnerability exists in the TRENDnet TEW-411BRPplus router, specifically impacting version 2.07_eu. This vulnerability allows a local attacker to exploit the data1 parameter on the debug.cgi page, enabling them to execute arbitrary code. Proper security measures and updates are essential to mitigate risks associated with this vulnerability.

References

https://www.trendnet.com/support/support-detail.asp?prod=...

https://warp-desk-89d.notion.site/TEW-411BRPplus-9bafe26e...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2024
Vulnerability Reserved
Dec 26, 2023

Trendnet

What is CVE-2023-51833?

References

CVSS V3.1

Timeline