| عنوان | Trendnet TEW-821DAP v1.12B01 CWE-78 Improper Neutralization of Special Elements used in an OS |
|---|
| الوصف | During the firmware update process, there is command injection vulnerability in function tools_diagnostic() of program ssi. The users first input the IP address in the web page which would performs regular expression validation and transfer the IP address to ssi through AJAX POST request. Then, in the tools_diagnostic() of program ssi, the IP address is stored in variable s and is used as a parameter of the ping command. However, the hackers could inject malicious command into IP address. This issue in the firmware update process of Trendnet TEW-821DAP (firmware version:v1.12B01) allows attackers to execute arbitrary code or cause denial of service via constructing POST request that contains malicious command. |
|---|
| المصدر | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI1.md |
|---|
| المستخدم | IOT_Res (UID 81722) |
|---|
| ارسال | 16/04/2026 04:33 AM (2 أشهر منذ) |
|---|
| الاعتدال | 01/05/2026 02:07 PM (15 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 360565 [TRENDnet TEW-821DAP حتى 1.12B01 tools_diagnostic تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|