| Название | TRENDnet TEW-822DRE v1.01B06 / 1.00B21 Command Injection |
|---|
| Описание | A vulnerability was found in Trendnet TEW-822DRE firmware version 1.00b21 (and 1.00b06). It has been classified as critical. This vulnerability affects the function formWsc within the boa web server component . The manipulation of the argument peerPin leads to command injection. The attack can be initiated remotely but requires authentication. The vulnerability is triggered only when the Wireless Protected
Setup (WPS) feature is in a "disabled" state. In this specific configuration, the application fails to sanitize the peerPin input before concatenating it into a shell command string via sprintf and executing it with system(), allowing an attacker to execute arbitrary commands with root privileges. |
|---|
| Источник | ⚠️ https://pentagonal-time-3a7.notion.site/TRENDnet-TEW-822DRE-Command-Injection-2c9e5dd4c5a580f190e9c411ad627e9a#2c9e5dd4c5a5801dae7ad20828639d4b |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 14.12.2025 10:06 (4 месяцы назад) |
|---|
| Модерация | 27.12.2025 11:12 (13 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 338517 [TRENDnet TEW-822DRE 1.00B21/1.01B06 /boafrm/formWsc sub_43ACF4 peerPin эскалация привилегий] |
|---|
| Баллы | 17 |
|---|