cnvd - cnvd-2023-22721

cnvd-2023-22721

Vulnerability from cnvd

Title: TRENDnet TEW-811DRU命令注入漏洞（CNVD-2023-22721）

Description:

TRENDnet TEW-811DRU是美国趋势网络（TRENDnet）公司的一款无线路由器。

TRENDnet TEW-811DRU Web接口组件ping.ccp存在命令注入漏洞，远程攻击者可利用该漏洞提交特殊的请求，执行任意命令。

Severity: 高

Patch Name: TRENDnet TEW-811DRU命令注入漏洞（CNVD-2023-22721）的补丁

Patch Description:

TRENDnet TEW-811DRU是美国趋势网络（TRENDnet）公司的一款无线路由器。

TRENDnet TEW-811DRU Web接口组件ping.ccp存在命令注入漏洞，远程攻击者可利用该漏洞提交特殊的请求，执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.trendnet.com/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-0640

Impacted products

Name
TRENDnet TEW-811DRU 1.0.10.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-0640",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-0640"
    }
  },
  "description": "TRENDnet TEW-811DRU\u662f\u7f8e\u56fd\u8d8b\u52bf\u7f51\u7edc\uff08TRENDnet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nTRENDnet TEW-811DRU Web\u63a5\u53e3\u7ec4\u4ef6ping.ccp\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.trendnet.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-22721",
  "openTime": "2023-03-31",
  "patchDescription": "TRENDnet TEW-811DRU\u662f\u7f8e\u56fd\u8d8b\u52bf\u7f51\u7edc\uff08TRENDnet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\nTRENDnet TEW-811DRU Web\u63a5\u53e3\u7ec4\u4ef6ping.ccp\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TRENDnet TEW-811DRU\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2023-22721\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "TRENDnet TEW-811DRU 1.0.10.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-0640",
  "serverity": "\u9ad8",
  "submitTime": "2023-02-06",
  "title": "TRENDnet TEW-811DRU\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2023-22721\uff09"
}

CVE-2023-0640 (GCVE-0-2023-0640)

Vulnerability from cvelistv5

Published

2023-02-02 08:14

Modified

2025-03-26 18:52

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Command Injection

Summary

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020.

References

▼	URL	Tags
	https://vuldb.com/?id.220020	vdb-entry, technical-description, exploit
	https://vuldb.com/?ctiid.220020	signature

Impacted products

	Vendor	Product	Version
	TRENDnet	TEW-652BRP	Version: 3.04b01

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "exploit",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.220020"
          },
          {
            "tags": [
              "signature",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.220020"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0640",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-26T18:52:11.104968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T18:52:17.947Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Interface"
          ],
          "product": "TEW-652BRP",
          "vendor": "TRENDnet",
          "versions": [
            {
              "status": "affected",
              "version": "3.04b01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in TRENDnet TEW-652BRP 3.04b01 ausgemacht. Es betrifft eine unbekannte Funktion der Datei ping.ccp der Komponente Web Interface. Durch das Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 8.3,
            "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T20:00:21.014Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description",
            "exploit"
          ],
          "url": "https://vuldb.com/?id.220020"
        },
        {
          "tags": [
            "signature"
          ],
          "url": "https://vuldb.com/?ctiid.220020"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-02-02T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-02-02T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-03-01T17:07:46.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TRENDnet TEW-652BRP Web Interface ping.ccp command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-0640",
    "datePublished": "2023-02-02T08:14:07.356Z",
    "dateReserved": "2023-02-02T08:12:45.088Z",
    "dateUpdated": "2025-03-26T18:52:17.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted