CVE-2013-3365 in TEW-812DRU
요약 (영어)
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
예약하다
2013. 05. 06.
공개
2014. 02. 04.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 9806 | TRENDnet TEW-812DRU Input Sanitizer setNTP.cgi 권한 상승 | 78 | 개념 증명 | 정의되지 않음 | CVE-2013-3365 |