Details of VAR-201907-0431

ID

VAR-201907-0431

CVE

CVE-2019-13276

TITLE

TRENDnet TEW-827DRU Buffer error vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-006324

DESCRIPTION

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. TRENDnet TEW-827DRU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTEW-827DRU is a wireless router from TRENDnet. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.25

sources: NVD: CVE-2019-13276 // JVNDB: JVNDB-2019-006324 // CNVD: CNVD-2019-22208 // VULHUB: VHN-145106

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-22208

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-827dru	scope:	lte	version:	2.04b03	Trust: 1.8
vendor:	trendnet	model:	tew-827dru <=2.04b03	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-22208 // JVNDB: JVNDB-2019-006324 // NVD: CVE-2019-13276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13276
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-13276
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-22208
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-591
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-145106
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-13276
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-22208
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-145106
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13276
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-22208 // VULHUB: VHN-145106 // JVNDB: JVNDB-2019-006324 // CNNVD: CNNVD-201907-591 // NVD: CVE-2019-13276

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-145106 // JVNDB: JVNDB-2019-006324 // NVD: CVE-2019-13276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-591

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-591

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006324

PATCH

title:

Top Page

url:

https://www.trendnet.com/home

Trust: 0.8

sources: JVNDB: JVNDB-2019-006324

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13276	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-006324	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-591	Trust: 0.7
db:	CNVD	id:	CNVD-2019-22208	Trust: 0.6
db:	VULHUB	id:	VHN-145106	Trust: 0.1

sources: CNVD: CNVD-2019-22208 // VULHUB: VHN-145106 // JVNDB: JVNDB-2019-006324 // CNNVD: CNNVD-201907-591 // NVD: CVE-2019-13276

REFERENCES

url:	https://github.com/fuzzywalls/trendnetexploits/tree/master/cve-2019-13276	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13276	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13276	Trust: 0.8

sources: CNVD: CNVD-2019-22208 // VULHUB: VHN-145106 // JVNDB: JVNDB-2019-006324 // CNNVD: CNNVD-201907-591 // NVD: CVE-2019-13276

SOURCES

db:	CNVD	id:	CNVD-2019-22208
db:	VULHUB	id:	VHN-145106
db:	JVNDB	id:	JVNDB-2019-006324
db:	CNNVD	id:	CNNVD-201907-591
db:	NVD	id:	CVE-2019-13276

LAST UPDATE DATE

2024-11-23T22:44:57.301000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-22208	date:	2019-07-12T00:00:00
db:	VULHUB	id:	VHN-145106	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-006324	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201907-591	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-13276	date:	2024-11-21T04:24:36.397

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-22208	date:	2019-07-12T00:00:00
db:	VULHUB	id:	VHN-145106	date:	2019-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-006324	date:	2019-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201907-591	date:	2019-07-10T00:00:00
db:	NVD	id:	CVE-2019-13276	date:	2019-07-10T17:15:12.337