CVE-2013-3365: OS Command Injection
First published: Tue Feb 04 2014(Updated: )
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TRENDnet TEW-812DRU firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3365?
CVE-2013-3365 has a severity rating classified as high, indicating significant risk to affected systems.
How do I fix CVE-2013-3365?
To fix CVE-2013-3365, update the TRENDnet TEW-812DRU firmware to the latest version provided by the vendor.
What types of devices are affected by CVE-2013-3365?
CVE-2013-3365 specifically affects TRENDnet TEW-812DRU routers.
Can CVE-2013-3365 be exploited remotely?
Yes, CVE-2013-3365 allows remote authenticated users to execute arbitrary commands on the affected device.
Are there any known exploits for CVE-2013-3365?
Yes, there are known exploits that utilize shell metacharacters to execute commands on vulnerable TRENDnet routers.
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- vendor/trendnet
- canonical/trendnet tew-812dru firmware