जमा करें #842385: Trendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an OSजानकारी

शीर्षकTrendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an OS
विवरणDuring the firmware update process, there is command injection vulnerability in function sub_41FBD0 of program ssi. In the NTP client configuration, the variable hostname is directly concatenated into the NTP time synchronization command. However, this variable is propagated from the user input without any verification. Once the hackers control the user input, malicious command could be injected into the NTP time synchronization command.
स्रोत⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI5.md
उपयोगकर्ता
 IOT_Res (UID 81722)
सबमिशन29/05/2026 08:57 AM (1 महीना पहले)
संयम11/07/2026 12:12 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377794 [TRENDnet TEW-821DAP 1.11B03 Firmware Update /goform/system_ntp sub_41FBD0 होस्टनाम अधिकार वृद्धि]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!