| عنوان | Trendnet TEW-821DAP v1.12B01 CWE-287 Improper Authentication |
|---|
| الوصف | During the firmware update process, there is a firmware authentication vulnerability in function find_hwid() and new_gui_update_firmware() of program ssi. The firmware uses hard-coded verification information in the authentication verification. In particular, these two functions extract the hardware ID of the firmware from the firmware image and store the hardware ID into the variable dest. Then, these two functions perform firmware authentication verification by comparing dest with the hard-coded authentication verification information: AP152AR9563-AP-150107-00, AP152AR9563-AP-151201-00, and AP152AR9563-AP-150707-00. Once the hackers obtain the hard-coded authentication verification, the hackers could easily bypass the authentication verification and upload maliciously compromised firmware. This issue in the firmware update process of Trendnet TEW-821DAP (firmware version:v1.12B01) allows attackers to execute arbitrary code or cause denial of service via uploading a compromised firmware with the same hard-coded authentication verification information as the new firmware for update. |
|---|
| المصدر | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Auth.md |
|---|
| المستخدم | IOT_Res (UID 81722) |
|---|
| ارسال | 16/04/2026 04:30 AM (2 أشهر منذ) |
|---|
| الاعتدال | 01/05/2026 02:07 PM (15 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 360563 [TRENDnet TEW-821DAP 1.12B01 Firmware Update find_hwid/new_gui_update_firmware dest توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|