Remote Code Execution Vulnerability in TRENDnet TEW-824DRU Router
CVE-2024-22545

7.8HIGH

Key Information:

Vendor: Trendnet
Status: Tew-824dru Firmware
Vendor: CVE Published:; 26 January 2024

What is CVE-2024-22545?

A vulnerability exists in the TRENDnet TEW-824DRU router, specifically in version 1.04b01, where attackers can exploit the system.ntp.server parameter to execute arbitrary code. This vulnerability does not require authentication, enabling remote attackers to gain unauthorized control over the router. The susceptible function, sub_420AE0(), used by the device, significantly raises security concerns for users. It is crucial for TRENDnet TEW-824DRU users to apply necessary updates and secure their devices against potential exploitation.

References

https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce2...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2024
Vulnerability Reserved
Jan 11, 2024

Trendnet

What is CVE-2024-22545?

References

CVSS V3.1

Timeline