First published: Thu Dec 20 2018
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Trendnet Tew-673gru Firmware | =1.00b40 | |
TRENDnet TEW-673GRU | | |
CVE-2018-19239 is an OS command injection vulnerability found in TRENDnet TEW-673GRU v1.00b40 devices.
CVE-2018-19239 has a severity level of 7.2, which is classified as critical.
CVE-2018-19239 allows remote attackers to execute arbitrary commands on TRENDnet TEW-673GRU v1.00b40 devices.
CVE-2018-19239 has CWE classifications of CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')).
Yes, TRENDnet TEW-673GRU v1.00b40 devices are vulnerable to CVE-2018-19239.