Sign-up

ID

VAR-202302-0047


CVE

CVE-2023-0618


TITLE

TRENDnet TEW-652BRP  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002966

DESCRIPTION

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability. TRENDnet TEW-652BRP Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-0618 // JVNDB: JVNDB-2023-002966 // VULMON: CVE-2023-0618

AFFECTED PRODUCTS

vendor:trendnetmodel:tew-652brpscope:eqversion:3.04b01

Trust: 1.0

vendor:trendnetmodel:tew-652brpscope:eqversion:tew-652brp firmware 3.04b01

Trust: 0.8

vendor:trendnetmodel:tew-652brpscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002966 // NVD: CVE-2023-0618

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2023-0618
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-0618
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-002966
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-103
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2023-0618
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2023-002966
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2023-0618
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2023-002966
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002966 // CNNVD: CNNVD-202302-103 // NVD: CVE-2023-0618 // NVD: CVE-2023-0618

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002966 // NVD: CVE-2023-0618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-103

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-103

PATCH

title:Top Pageurl:https://www.trendnet.com/

Trust: 0.8

sources: JVNDB: JVNDB-2023-002966

EXTERNAL IDS

db:NVDid:CVE-2023-0618

Trust: 3.3

db:VULDBid:219958

Trust: 2.5

db:JVNDBid:JVNDB-2023-002966

Trust: 0.8

db:CNNVDid:CNNVD-202302-103

Trust: 0.6

db:VULMONid:CVE-2023-0618

Trust: 0.1

sources: VULMON: CVE-2023-0618 // JVNDB: JVNDB-2023-002966 // CNNVD: CNNVD-202302-103 // NVD: CVE-2023-0618

REFERENCES

url:https://vuldb.com/?id.219958

Trust: 2.5

url:https://vuldb.com/?ctiid.219958

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-0618

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-0618/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-0618 // JVNDB: JVNDB-2023-002966 // CNNVD: CNNVD-202302-103 // NVD: CVE-2023-0618

SOURCES

db:VULMONid:CVE-2023-0618
db:JVNDBid:JVNDB-2023-002966
db:CNNVDid:CNNVD-202302-103
db:NVDid:CVE-2023-0618

LAST UPDATE DATE

2024-08-14T14:54:59.321000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-0618date:2023-02-01T00:00:00
db:JVNDBid:JVNDB-2023-002966date:2023-08-28T05:01:00
db:CNNVDid:CNNVD-202302-103date:2023-02-09T00:00:00
db:NVDid:CVE-2023-0618date:2024-05-17T02:17:26.450

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-0618date:2023-02-01T00:00:00
db:JVNDBid:JVNDB-2023-002966date:2023-08-28T00:00:00
db:CNNVDid:CNNVD-202302-103date:2023-02-01T00:00:00
db:NVDid:CVE-2023-0618date:2023-02-01T17:15:10.087