| Название | TRENDnet TEW-824DRU 1.04b01 Command injection |
|---|
| Описание | There is a command injection vulnerability in the TEW-824DRU router with firmware version 1.04b01. If an attacker gains web management privileges, they can inject commands into the post request parameters system.ntp.server in the apply.cgi interface, thereby gaining shell privileges. If a user has already logged in and still has a session, then an attacker can execute remote code execution (RCE) directly without needing to log in. |
|---|
| Источник | ⚠️ https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad?pvs=4 |
|---|
| Пользователь | Sonicrr (UID 61527) |
|---|
| Представление | 16.01.2024 09:05 (2 лет назад) |
|---|
| Модерация | 26.01.2024 09:10 (10 days later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 252125 [TRENDnet TEW-824DRU 1.04b01 sub_420AE0 эскалация привилегий] |
|---|
| Баллы | 0 |
|---|