Sign-up

ID

VAR-201907-0435


CVE

CVE-2019-13280


TITLE

TRENDnet TEW-827DRU Buffer error vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-006246

DESCRIPTION

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled. TRENDnet TEW-827DRU Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnet TEW-827DRU is a wireless router produced by TRENDnet. A buffer error vulnerability exists in TRENDnet TEW-827DRU with firmware version 2.04B03 and earlier. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.71

sources: NVD: CVE-2019-13280 // JVNDB: JVNDB-2019-006246 // VULHUB: VHN-145111

AFFECTED PRODUCTS

vendor:trendnetmodel:tew-827druscope:lteversion:2.04b03

Trust: 1.8

sources: JVNDB: JVNDB-2019-006246 // NVD: CVE-2019-13280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13280
value: HIGH

Trust: 1.0

NVD: CVE-2019-13280
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201907-513
value: HIGH

Trust: 0.6

VULHUB: VHN-145111
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13280
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-145111
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13280
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-145111 // JVNDB: JVNDB-2019-006246 // CNNVD: CNNVD-201907-513 // NVD: CVE-2019-13280

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-145111 // JVNDB: JVNDB-2019-006246 // NVD: CVE-2019-13280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-513

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-513

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006246

PATCH
title:Top Pageurl:https://www.trendnet.com/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006246

EXTERNAL IDS
db:NVDid:CVE-2019-13280
Trust: 2.5
db:JVNDBid:JVNDB-2019-006246
Trust: 0.8
db:CNNVDid:CNNVD-201907-513
Trust: 0.7
db:VULHUBid:VHN-145111
Trust: 0.1
sources:
            
            
            VULHUB: VHN-145111 // 
            
            
            
            JVNDB: JVNDB-2019-006246 // 
            
            
            
            CNNVD: CNNVD-201907-513 // 
            
            
            
            NVD: CVE-2019-13280

REFERENCES
url:https://github.com/fuzzywalls/trendnetexploits/tree/master/cve-2019-13280
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-13280
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13280
Trust: 0.8
sources:
            
            
            VULHUB: VHN-145111 // 
            
            
            
            JVNDB: JVNDB-2019-006246 // 
            
            
            
            CNNVD: CNNVD-201907-513 // 
            
            
            
            NVD: CVE-2019-13280

SOURCES
db:VULHUBid:VHN-145111
db:JVNDBid:JVNDB-2019-006246
db:CNNVDid:CNNVD-201907-513
db:NVDid:CVE-2019-13280

LAST UPDATE DATE
2024-11-23T22:51:43.591000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-145111date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006246date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-513date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13280date:2024-11-21T04:24:36.950

SOURCES RELEASE DATE
db:VULHUBid:VHN-145111date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2019-006246date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201907-513date:2019-07-09T00:00:00
db:NVDid:CVE-2019-13280date:2019-07-09T19:15:12.437