CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-28354

CVSS 10.0v3.1pub. 2024-03-15upd. 2025-04-01

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.

πŸ€– AI Analysis
How it works

The vulnerability is located in the router's apply.cgi interface and consists of insufficient input data validation in POST request parameters β€” specifically in the 'usapps.@smb[%d].username' parameter. An attacker can inject arbitrary system commands through a specially crafted HTTP POST request. Since the attack requires no authentication or user interaction, and the attack vector is network-based, the vulnerability is particularly dangerous for devices accessible from the Internet.

Impact

An attacker gains an interactive system shell session (root shell) on the device, which means full takeover of the router β€” ability to modify network configuration, intercept traffic, install malware, and use the device as a launching point for further attacks on the internal network.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Until an update is applied, it is recommended to restrict access to the router's management interface only to trusted hosts on the local network and block access to the admin panel from the WAN side.

Who is affected

TRENDnet TEW-827DRU router with firmware version 2.10B01

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Trendnet Tew 827dru

    HW
    Trendnet
    wszystkie wersje
  • Trendnet Tew 827dru Firmware

    OS
    Trendnet
    2.10b01
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-20158CRITICAL9.8ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for...

CVE-2021-20155CRITICAL9.8ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and re...

CVE-2021-20151CRITICAL10.0ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The route...

CVE-2021-20149CRITICAL9.8ten sam produkt

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The...

CVE-2020-14080CRITICAL9.8ten sam produkt

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overf...

CVE-2024-28354 β€” Trendnet β€” Tew-827Dru β€” CRITICAL β€” CVSS 10.0 | CVEbaza.pl