提交 #842385: Trendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an OS信息

标题Trendnet TEW-821DAP v1.11B03 CWE-78 Improper Neutralization of Special Elements used in an OS
描述During the firmware update process, there is command injection vulnerability in function sub_41FBD0 of program ssi. In the NTP client configuration, the variable hostname is directly concatenated into the NTP time synchronization command. However, this variable is propagated from the user input without any verification. Once the hackers control the user input, malicious command could be injected into the NTP time synchronization command.
来源⚠️ https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_CI5.md
用户
 IOT_Res (UID 81722)
提交2026-05-29 08時57分 (1 月前)
管理2026-07-11 12時12分 (1 month later)
状态已接受
VulDB条目377794 [TRENDnet TEW-821DAP 1.11B03 Firmware Update /goform/system_ntp sub_41FBD0 主机名 权限提升]
积分20

Do you need the next level of professionalism?

Upgrade your account now!