CVE-2023-51835 — MEDIUM (6.8)

Vulnerability Description

An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Trendnet	Tew-822Dre Firmware	1.03b02
Trendnet	Tew-822Dre	-

Related Weaknesses (CWE)

CWE-77

References

https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8ExploitThird Party Advisory
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DREProduct
https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8ExploitThird Party Advisory
https://www.trendnet.com/support/support-detail.asp?prod=105_TEW-822DREProduct

FAQ

What is CVE-2023-51835?

CVE-2023-51835 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck.

How severe is CVE-2023-51835?

CVE-2023-51835 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-51835?

Check the references section above for vendor advisories and patch information. Affected products include: Trendnet Tew-822Dre Firmware, Trendnet Tew-822Dre.