Sign-up

ID

VAR-201907-0538


CVE

CVE-2019-13151


TITLE

TRENDnet TEW-827DRU Firmware command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005879

DESCRIPTION

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. TRENDnet TEW-827DRU The firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TRENDnetTEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnetTEW-827DRU with firmware prior to 2.05B11. The vulnerability stems from the fact that external input data constructs executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command

Trust: 2.16

sources: NVD: CVE-2019-13151 // JVNDB: JVNDB-2019-005879 // CNVD: CNVD-2019-25518

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-25518

AFFECTED PRODUCTS

vendor:trendnetmodel:tew-827druscope:ltversion:2.05b11

Trust: 1.8

vendor:trendnetmodel:tew-827dru <2.05b11scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-25518 // JVNDB: JVNDB-2019-005879 // NVD: CVE-2019-13151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13151
value: HIGH

Trust: 1.0

NVD: CVE-2019-13151
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-25518
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-140
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-13151
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-25518
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-13151
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-25518 // JVNDB: JVNDB-2019-005879 // CNNVD: CNNVD-201907-140 // NVD: CVE-2019-13151

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 0.8

sources: JVNDB: JVNDB-2019-005879 // NVD: CVE-2019-13151

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-140

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-140

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005879

PATCH
title:Top Pageurl:https://www.trendnet.com/home
Trust: 0.8
title:TRENDnetTEW-827DRU command injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/172845
Trust: 0.6
title:TRENDnet TEW-827DRU Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94339
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-25518 // 
            
            
            
            JVNDB: JVNDB-2019-005879 // 
            
            
            
            CNNVD: CNNVD-201907-140

EXTERNAL IDS
db:NVDid:CVE-2019-13151
Trust: 3.0
db:JVNDBid:JVNDB-2019-005879
Trust: 0.8
db:CNVDid:CNVD-2019-25518
Trust: 0.6
db:CNNVDid:CNNVD-201907-140
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-25518 // 
            
            
            
            JVNDB: JVNDB-2019-005879 // 
            
            
            
            CNNVD: CNNVD-201907-140 // 
            
            
            
            NVD: CVE-2019-13151

REFERENCES
url:https://github.com/teamseri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-13151
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13151
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-25518 // 
            
            
            
            JVNDB: JVNDB-2019-005879 // 
            
            
            
            CNNVD: CNNVD-201907-140 // 
            
            
            
            NVD: CVE-2019-13151

SOURCES
db:CNVDid:CNVD-2019-25518
db:JVNDBid:JVNDB-2019-005879
db:CNNVDid:CNNVD-201907-140
db:NVDid:CVE-2019-13151

LAST UPDATE DATE
2024-11-23T22:25:54.200000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-25518date:2019-08-02T00:00:00
db:JVNDBid:JVNDB-2019-005879date:2019-07-03T00:00:00
db:CNNVDid:CNNVD-201907-140date:2020-10-28T00:00:00
db:NVDid:CVE-2019-13151date:2024-11-21T04:24:18.660

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-25518date:2019-08-02T00:00:00
db:JVNDBid:JVNDB-2019-005879date:2019-07-03T00:00:00
db:CNNVDid:CNNVD-201907-140date:2019-07-02T00:00:00
db:NVDid:CVE-2019-13151date:2019-07-02T13:15:12.307