Vulnerability Description
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authenticated user to execute arbitrary code. The exploit can be exercised on the local intranet or remotely if remote administration is enabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendnet | Tew-827Dru Firmware | <= 2.04b03 |
| Trendnet | Tew-827Dru | 2.0 |
Related Weaknesses (CWE)
References
- https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280ExploitThird Party Advisory
- https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13280ExploitThird Party Advisory
FAQ
What is CVE-2019-13280?
CVE-2019-13280 is a vulnerability with a CVSS score of 8.8 (HIGH). TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or t...
How severe is CVE-2019-13280?
CVE-2019-13280 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13280?
Check the references section above for vendor advisories and patch information. Affected products include: Trendnet Tew-827Dru Firmware, Trendnet Tew-827Dru.