CVE-2024-28354 | TRENDnet TEW-827DRU 2.10B01 POST Request apply.cgi usapps.@smb[%d].username command injection

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability was found in TRENDnet TEW-827DRU 2.10B01. It has been classified as critical. This affects an unknown part of the file apply.cgi of the component POST Request Handler. The manipulation of the argument usapps.@smb[%d].username leads to command injection.

This vulnerability is uniquely identified as CVE-2024-28354. The attack needs to be initiated within the local network. There is no exploit available.

CVE-2024-28354 | TRENDnet TEW-827DRU 2.10B01 POST Request apply.cgi usapps.@smb[%d].username command injection

Related Posts

CVE-2024-23515 | Cincopa Post Video Players Plugin up to 1.159 on WordPress cross-site request forgery

CVE-2023-41014 | code-projects Online Job Portal 1.0 Employer Username sql injection

CVE-2023-50473 | bill-ahmed qbit-matUI 1.16.4 Session Identifier index.js cross site scripting (Issue 207)

CVE-2024-3592 | Quiz and Survey Master Plugin up to 9.0.1 on WordPress sql injection