Command Injection Vulnerability in TRENDnet TEW-827DRU Router
CVE-2024-28353

Currently unrated

Key Information:

Vendor

TRENDnet

Status
Tew-827dru Firmware
Vendor
CVE Published:
15 March 2024

Badges

đź“° News Worthy

What is CVE-2024-28353?

CVE-2024-28353 is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. This vulnerability allows attackers to gain root shell privileges by injecting commands through the post request parameters in the apply.cgi interface. The vulnerability can be exploited both locally and remotely, potentially leading to data theft, malware installation, network disruption, and further attacks. TRENDnet has acknowledged the vulnerabilities and plans to release a patched firmware update to address the issue. In the meantime, users are advised to disable remote administration and check for the update on TRENDnet's support website.

News Articles

favicon imagesecurityonline.info

CVE-2024-28353 Archives

VulnerabilityMarch 17, 2024CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch AvailableSecurity researchers have uncovered two serious “command injection” vulnerabilities in the...

favicon imagesecurityonline.info

CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available

CVE-2024-28353 and CVE-2024-28354 leave these routers alarmingly exposed to potential remote takeover by cyberattackers

References

https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb205721...

Timeline

  • đź“°

    First article discovered by securityonline.info

  • Vulnerability published

  • Vulnerability Reserved

.