| Title | TRENDnet TEW-822DRE v1.01B06 / 1.00B21 Command Injection |
|---|---|
| Description | A vulnerability was found in Trendnet TEW-822DRE firmware version 1.00b21 (and 1.00b06). It has been classified as critical. This vulnerability affects the function formWsc within the boa web server component. The manipulation of the argument peerPin leads to command injection. The attack can be initiated remotely but requires authentication. The vulnerability is triggered only when the Wireless Protected Setup (WPS) feature is in a "disabled" state. In this specific configuration, the application fails to sanitize the peerPin input before concatenating it into a shell command string via sprintf and executing it with system(), allowing an attacker to execute arbitrary commands with root privileges. |
| Source | ⚠️ https://pentagonal-time-3a7.notion.site/TRENDnet-TEW-822DRE-Command-Injection-2c9e5dd4c5a580f190e9c411ad627e9a#2c9e5dd4c5a5801dae7ad20828639d4b |
| User | Anonymous User |
| Submission | December 14, 2025 10:06 (4 months ago) |
| Moderation | December 27, 2025 11:12 (13 days later) |
| Status | Accepted |
| VulDB entry | 338517 [TRENDnet TEW-822DRE 1.00B21/1.01B06 /boafrm/formWsc sub_43ACF4 peerPin privilege escalation] |
| Points | 17 |