| 标题 | Trendnet TEW-821DAP v1.12B01 CWE-287 Improper Authentication |
|---|
| 描述 | During the firmware update process, there is a firmware authentication vulnerability in function find_hwid() and new_gui_update_firmware() of program ssi. The firmware uses hard-coded verification information in the authentication verification. In particular, these two functions extract the hardware ID of the firmware from the firmware image and store the hardware ID into the variable dest. Then, these two functions perform firmware authentication verification by comparing dest with the hard-coded authentication verification information: AP152AR9563-AP-150107-00, AP152AR9563-AP-151201-00, and AP152AR9563-AP-150707-00. Once the hackers obtain the hard-coded authentication verification, the hackers could easily bypass the authentication verification and upload maliciously compromised firmware. This issue in the firmware update process of Trendnet TEW-821DAP (firmware version:v1.12B01) allows attackers to execute arbitrary code or cause denial of service via uploading a compromised firmware with the same hard-coded authentication verification information as the new firmware for update. |
|---|
| 来源 | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Auth.md |
|---|
| 用户 | IOT_Res (UID 81722) |
|---|
| 提交 | 2026-04-16 04時30分 (2 月前) |
|---|
| 管理 | 2026-05-01 14時07分 (15 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 360563 [TRENDnet TEW-821DAP 1.12B01 Firmware Update find_hwid/new_gui_update_firmware dest 弱身份验证] |
|---|
| 积分 | 20 |
|---|