Sign-up

ID

VAR-201907-0433


CVE

CVE-2019-13278


TITLE

TRENDnet TEW-827DRU Command injection vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-006325

DESCRIPTION

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary commands on the device. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled. TRENDnet TEW-827DRU Has a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTEW-827DRU is a wireless router from TRENDnet. A security hole exists in the TRENDnetTEW-827DRU using firmware version 2.04B03 and earlier. An attacker could exploit this vulnerability to execute arbitrary commands on the device

Trust: 2.25

sources: NVD: CVE-2019-13278 // JVNDB: JVNDB-2019-006325 // CNVD: CNVD-2019-22209 // VULHUB: VHN-145108

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-22209

AFFECTED PRODUCTS

vendor:trendnetmodel:tew-827druscope:lteversion:2.04b03

Trust: 1.8

vendor:trendnetmodel:tew-827dru <=2.04b03scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-22209 // JVNDB: JVNDB-2019-006325 // NVD: CVE-2019-13278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13278
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-13278
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-22209
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-593
value: CRITICAL

Trust: 0.6

VULHUB: VHN-145108
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13278
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-22209
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-145108
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13278
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-22209 // VULHUB: VHN-145108 // JVNDB: JVNDB-2019-006325 // CNNVD: CNNVD-201907-593 // NVD: CVE-2019-13278

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-145108 // JVNDB: JVNDB-2019-006325 // NVD: CVE-2019-13278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-593

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-593

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006325

PATCH
title:Top Pageurl:https://www.trendnet.com/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006325

EXTERNAL IDS
db:NVDid:CVE-2019-13278
Trust: 3.1
db:JVNDBid:JVNDB-2019-006325
Trust: 0.8
db:CNNVDid:CNNVD-201907-593
Trust: 0.7
db:CNVDid:CNVD-2019-22209
Trust: 0.6
db:VULHUBid:VHN-145108
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-22209 // 
            
            
            
            VULHUB: VHN-145108 // 
            
            
            
            JVNDB: JVNDB-2019-006325 // 
            
            
            
            CNNVD: CNNVD-201907-593 // 
            
            
            
            NVD: CVE-2019-13278

REFERENCES
url:https://github.com/fuzzywalls/trendnetexploits/tree/master/cve-2019-13278
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-13278
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13278
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-22209 // 
            
            
            
            VULHUB: VHN-145108 // 
            
            
            
            JVNDB: JVNDB-2019-006325 // 
            
            
            
            CNNVD: CNNVD-201907-593 // 
            
            
            
            NVD: CVE-2019-13278

SOURCES
db:CNVDid:CNVD-2019-22209
db:VULHUBid:VHN-145108
db:JVNDBid:JVNDB-2019-006325
db:CNNVDid:CNNVD-201907-593
db:NVDid:CVE-2019-13278

LAST UPDATE DATE
2024-11-23T22:25:54.294000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-22209date:2019-07-12T00:00:00
db:VULHUBid:VHN-145108date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006325date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-593date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13278date:2024-11-21T04:24:36.663

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-22209date:2019-07-12T00:00:00
db:VULHUBid:VHN-145108date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2019-006325date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-593date:2019-07-10T00:00:00
db:NVDid:CVE-2019-13278date:2019-07-10T17:15:12.413