CVE-2019-13280

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
trendnettew-827dru_firmware
𝑥
≤ 2.04b03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280
https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280