提出 #842385: Trendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an OS情報

タイトルTrendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an OS
説明During the firmware update process, there is command injection vulnerability in function sub_41FBD0 of program ssi. In the NTP client configuration, the variable hostname is directly concatenated into the NTP time synchronization command. However, this variable is propagated from the user input without any verification. Once the hackers control the user input, malicious command could be injected into the NTP time synchronization command.
ソース⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI5.md
ユーザー
 IOT_Res (UID 81722)
送信2026年05月29日 08:57 (1 月 ago)
モデレーション2026年07月11日 12:12 (1 month later)
ステータス承諾済み
VulDBエントリ377794 [TRENDnet TEW-821DAP 1.11B03 Firmware Update /goform/system_ntp sub_41FBD0 ホスト名 特権昇格]
ポイント20

Want to know what is going to be exploited?

We predict KEV entries!