Vulnerability Description
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendnet | Tew-812Dru | - |
Related Weaknesses (CWE)
References
- http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.htExploit
- http://securityevaluators.com/content/case-studies/routers/Vulnerability_CatalogExploit
- http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.htExploit
- http://securityevaluators.com/content/case-studies/routers/Vulnerability_CatalogExploit
FAQ
What is CVE-2013-3365?
CVE-2013-3365 is a vulnerability with a CVSS score of 8.5 (HIGH). TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/managemen...
How severe is CVE-2013-3365?
CVE-2013-3365 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3365?
Check the references section above for vendor advisories and patch information. Affected products include: Trendnet Tew-812Dru.