Gửi #842382: Trendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an Othông tin

tiêu đềTrendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an O
Mô tảDuring the firmware update process, there is command injection vulnerability in function sub_43F2C4 of program ssi. During the construction of DNS lookup command, variables nslookup_target and dns_server are concatenated directly to the DNS lookup command. However, these two variables are propagated from user input without any verification. Once the hackers control the user input, malicious command could be injected to the DNS lookup command.
Nguồn⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI3.md
Người dùng
 IOT_Res (UID 81722)
Đệ trình29/05/2026 08:55 (cách đây 1 tháng)
Kiểm duyệt11/07/2026 12:12 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB377792 [TRENDnet TEW-821DAP 1.11B03 DNS Lookup /goform/tools_nslookup sub_43F2C4 nslookup_target/dns_server nâng cao đặc quyền]
điểm20

Interested in the pricing of exploits?

See the underground prices here!