TRENDnet TEW-651BR 2.04B1 devices Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

Summary

TRENDnet TEW-651BR 2.04B1 devices suffers from improper neutralization of special elements used in an os command (‘OS Command Injection’) vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.trendnet.com/support/


Details

An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.

 

Vulnerable Systems:

TRENDnet TEW-651BR 2.04B1 devices

TRENDnet TEW-652BRP 3.04b01 devices

TRENDnet TEW-652BRU 1.00b12 devices

 

CVE Information:

CVE-2019-11399

 

Disclosure Timeline:
Published Date:12/18/2019

Categories: News