| 제목 | TRENDnet TEW-824DRU 1.04b01 Command injection |
|---|
| 설명 | There is a command injection vulnerability in the TEW-824DRU router with firmware version 1.04b01. If an attacker gains web management privileges, they can inject commands into the post request parameters system.ntp.server in the apply.cgi interface, thereby gaining shell privileges. If a user has already logged in and still has a session, then an attacker can execute remote code execution (RCE) directly without needing to log in. |
|---|
| 원천 | ⚠️ https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad?pvs=4 |
|---|
| 사용자 | Sonicrr (UID 61527) |
|---|
| 제출 | 2024. 01. 16. AM 09:05 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 26. AM 09:10 (10 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 252125 [TRENDnet TEW-824DRU 1.04b01 sub_420AE0 권한 상승] |
|---|
| 포인트들 | 0 |
|---|