| عنوان | TRENDnet TEW-822DRE v1.01B06 / 1.00B21 Command Injection |
|---|
| الوصف | A vulnerability was found in Trendnet TEW-822DRE firmware version 1.00b21 (and 1.00b06). It has been classified as critical. This vulnerability affects the function formWsc within the boa web server component . The manipulation of the argument peerPin leads to command injection. The attack can be initiated remotely but requires authentication. The vulnerability is triggered only when the Wireless Protected
Setup (WPS) feature is in a "disabled" state. In this specific configuration, the application fails to sanitize the peerPin input before concatenating it into a shell command string via sprintf and executing it with system(), allowing an attacker to execute arbitrary commands with root privileges. |
|---|
| المصدر | ⚠️ https://pentagonal-time-3a7.notion.site/TRENDnet-TEW-822DRE-Command-Injection-2c9e5dd4c5a580f190e9c411ad627e9a#2c9e5dd4c5a5801dae7ad20828639d4b |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 14/12/2025 10:06 AM (4 أشهر منذ) |
|---|
| الاعتدال | 27/12/2025 11:12 AM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 338517 [TRENDnet TEW-822DRE 1.00B21/1.01B06 /boafrm/formWsc sub_43ACF4 peerPin تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|