CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13151

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.048

EPSS Ranking 89.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg
https://github.com/TeamSeri0us/pocs/blob/master/iot/trendnet/cmdinject3.jpg

Products affected by CVE-2019-13151

Trendnet » Tew-827dru » Version: N/A

cpe:2.3:h:trendnet:tew-827dru:-
Trendnet » Tew-827dru Firmware » Version: N/A

cpe:2.3:o:trendnet:tew-827dru_firmware:-
Trendnet » Tew-827dru Firmware » Version: 1.04b01

cpe:2.3:o:trendnet:tew-827dru_firmware:1.04b01
Trendnet » Tew-827dru Firmware » Version: 2.04

cpe:2.3:o:trendnet:tew-827dru_firmware:2.04
Trendnet » Tew-827dru Firmware » Version: 2.04b03

cpe:2.3:o:trendnet:tew-827dru_firmware:2.04b03

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13151

Products

Pricing

Contact Us