Filtered by vendor Trendnet
Subscribe
Total
144 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49237 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. | |||||
| CVE-2023-49236 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci. | |||||
| CVE-2023-49235 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. | |||||
| CVE-2023-51833 | 1 Trendnet | 2 Tew-411brpplus, Tew-411brpplus Firmware | 2025-05-29 | N/A | 8.1 HIGH |
| A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | |||||
| CVE-2024-57590 | 1 Trendnet | 2 Tew-632brp, Tew-632brp Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
| TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. | |||||
| CVE-2023-51147 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2025-05-27 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action. | |||||
| CVE-2023-51148 | 1 Trendnet | 2 Tew-821dap, Tew-821dap Firmware | 2025-05-27 | N/A | 8.0 HIGH |
| An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component. | |||||
| CVE-2024-37644 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||||
| CVE-2024-37641 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule | |||||
| CVE-2024-37642 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 9.1 CRITICAL |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . | |||||
| CVE-2024-37643 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . | |||||
| CVE-2024-37645 | 1 Trendnet | 2 Tew-814dap, Tew-814dap Firmware | 2025-05-27 | N/A | 8.8 HIGH |
| TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . | |||||
| CVE-2025-25523 | 1 Trendnet | 2 Teg-40128, Teg-40128 Firmware | 2025-05-23 | N/A | 5.9 MEDIUM |
| Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability. | |||||
| CVE-2025-25429 | 1 Trendnet | 2 Tew-929dru, Tew-929dru Firmware | 2025-05-21 | N/A | 4.8 MEDIUM |
| Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page. | |||||
| CVE-2025-25428 | 1 Trendnet | 2 Tew-929dru, Tew-929dru Firmware | 2025-05-21 | N/A | 8.0 HIGH |
| TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
| CVE-2025-25430 | 1 Trendnet | 2 Tew-929dru, Tew-929dru Firmware | 2025-05-21 | N/A | 4.8 MEDIUM |
| Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page. | |||||
| CVE-2025-25431 | 1 Trendnet | 2 Tew-929dru, Tew-929dru Firmware | 2025-04-30 | N/A | 4.8 MEDIUM |
| Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the The ssid key of wifi_data parameter on the /captive_portal.htm page. | |||||
| CVE-2022-44373 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-23 | N/A | 8.8 HIGH |
| A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. | |||||
| CVE-2015-2880 | 1 Trendnet | 1 Tv-ip743sic | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | |||||
| CVE-2013-4659 | 2 Asus, Trendnet | 4 Rt-ac66u, Rt-ac66u Firmware, Tew-812dru and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. | |||||