| 标题 | TRENDnet TEW-824DRU 1.04b01 Command injection |
|---|
| 描述 | There is a command injection vulnerability in the TEW-824DRU router with firmware version 1.04b01. If an attacker gains web management privileges, they can inject commands into the post request parameters system.ntp.server in the apply.cgi interface, thereby gaining shell privileges. If a user has already logged in and still has a session, then an attacker can execute remote code execution (RCE) directly without needing to log in. |
|---|
| 来源 | ⚠️ https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad?pvs=4 |
|---|
| 用户 | Sonicrr (UID 61527) |
|---|
| 提交 | 2024-01-16 09時05分 (2 年前) |
|---|
| 管理 | 2024-01-26 09時10分 (10 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 252125 [TRENDnet TEW-824DRU 1.04b01 sub_420AE0 权限提升] |
|---|
| 积分 | 0 |
|---|