| tiêu đề | Trendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an O |
|---|
| Mô tả | During the firmware update process, there is command injection vulnerability in function sub_42026C of program ssi. In the concatenation of DDNS configuration strings, variables hostname, username, and password are directly concatenated into the configuration strings. Then, the configuration strings is written into config file and the DDNS restart command is executed. However, these variables are propagated from the user input without any verification. Once the hackers control the user input, malicious command could be injected into the configuration strings. |
|---|
| Nguồn | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI4.md |
|---|
| Người dùng | IOT_Res (UID 81722) |
|---|
| Đệ trình | 29/05/2026 08:56 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 11/07/2026 12:12 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 377793 [TRENDnet TEW-821DAP 1.11B03 Firmware Update /goform/tools_ddns sub_42026C hostname/username/password nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|