| 标题 | Trendnet TEW-821DAP v1.12B01 CWE-327 Use of a Broken or Risky Cryptographic Algorithm |
|---|
| 描述 | During the firmware update process, there is firmware integrity verification vulnerability in function platform_do_upgrade_cameo_dev() of program cameo_dev.sh. Function platform_do_upgrade_cameo_dev() performs the firmware integrity verification through CRC32 which could be easily be bypassed. Once the hackers obtain the CRC32 value they could could craft a compromised firmware with the same CRC value as the new firmware to bypass the integrity verification. Then, the compromised firmware which could cause arbitrary code execution or denial of service can be written into the IoT device through the firmware update. |
|---|
| 来源 | ⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Inte.md |
|---|
| 用户 | IOT_Res (UID 81722) |
|---|
| 提交 | 2026-04-16 04時43分 (2 月前) |
|---|
| 管理 | 2026-05-01 14時08分 (15 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 360568 [TRENDnet TEW-821DAP 直到 1.12B01 Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev 弱身份验证] |
|---|
| 积分 | 20 |
|---|