Stack-based Buffer Overflow in TRENDnet TEW-827DRU Devices
CVE-2024-36728
8.1 HIGH
What is CVE-2024-36728?
TRENDnet TEW-827DRU devices, in versions up to and including 2.06B04, are affected by a stack-based buffer overflow in the 'ssi' binary. An authenticated user can trigger it by sending a specially crafted POST request to the 'apply.cgi' endpoint through the 'action vlan_setting' parameter. Supplying an overly long value for the 'dns1' or 'dns2' key lets the attacker execute arbitrary code on the device. The flaw puts network integrity and confidentiality at significant risk and warrants immediate remediation of affected devices.
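The bounds check whose absence produces this class of overflow, as an added C example that is not TRENDnet's firmware code: a hypothetical helper, get_dns_field, extracts 'dns1' or 'dns2' from a form body and rejects any value that is too long or not a dotted-quad IPv4 address before it is copied into a fixed-size buffer. The function name, return codes, the IPv4-only assumption and the sample body are constructed for illustration; only the key names and the vlan_setting action come from the advisory.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not vendor code): find `key` in a URL-encoded form
 * body and copy its value into out[outsz].
 * Returns 0 on success, -1 if the key is absent, -2 if the value is empty,
 * too long, or not a plain dotted-quad IPv4 address (assumed field format). */
int get_dns_field(const char *body, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    const char *p = body;

    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);

        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = plen - klen - 1;
            char tmp[INET_ADDRSTRLEN];  /* 16 bytes: "255.255.255.255" + NUL */
            struct in_addr addr;

            /* Length is checked BEFORE any copy. An unbounded strcpy or
             * sprintf at this point is what lets a long value overrun
             * the stack buffer. */
            if (vlen == 0 || vlen >= sizeof tmp || vlen >= outsz)
                return -2;
            memcpy(tmp, val, vlen);
            tmp[vlen] = '\0';
            /* Percent-encoded or non-numeric input fails here as well. */
            if (inet_pton(AF_INET, tmp, &addr) != 1)
                return -2;
            memcpy(out, tmp, vlen + 1);
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample body; addresses are documentation ranges. */
    const char *body = "action=vlan_setting&dns1=192.0.2.53&dns2=198.51.100.7";
    char dns1[INET_ADDRSTRLEN];
    int rc = get_dns_field(body, "dns1", dns1, sizeof dns1);
    printf("dns1 rc=%d value=%s\n", rc, rc == 0 ? dns1 : "(rejected)");
    return 0;
}
```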