| शीर्षक | Trendnet TEW-821DAP v1.12B01 CWE-319: Cleartext Transmission of Sensitive Information |
|---|
| विवरण | During the firmware update process, there is a firmware download vulnerability in program ssi(/www/cgi/ssi). In the firmware download, the device applies hard-coded firmware download url and use http protocol instead of https protocol. Therefore, the firmware download is vulnerable to the MITM attack. Once the hackers obtain the url, they could overwrite the url to perform firmware modification attack or redirect it to a malicious url to perform redirection attack. This issue in the firmware update process of Trendnet TEW-821DAP (firmware version:v1.12B01) allows attackers to execute arbitrary code or cause denial of service via overwriting or redirecting the firmware upload url. |
|---|
| स्रोत | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Down.md |
|---|
| उपयोगकर्ता | IOT_Res (UID 81722) |
|---|
| सबमिशन | 16/04/2026 04:37 AM (2 महीनों पहले) |
|---|
| संयम | 01/05/2026 02:08 PM (15 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360567 [TRENDnet TEW-821DAP 1.12B01 Firmware Update /www/cgi/ssi कमजोर एन्क्रिप्शन] |
|---|
| अंक | 20 |
|---|