CVE-2018-19239
First published: Thu Dec 20 2018(Updated: )
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendnet Tew-673gru Firmware | =1.00b40 | |
| TRENDnet TEW-673GRU |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-19239?
CVE-2018-19239 is an OS command injection vulnerability found in TRENDnet TEW-673GRU v1.00b40 devices.
How severe is CVE-2018-19239?
CVE-2018-19239 has a severity level of 7.2, which is classified as critical.
How does CVE-2018-19239 affect TRENDnet TEW-673GRU devices?
CVE-2018-19239 allows remote attackers to execute arbitrary commands on TRENDnet TEW-673GRU v1.00b40 devices.
What is the CWE classification of CVE-2018-19239?
CVE-2018-19239 has CWE classifications of CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')).
Are TRENDnet TEW-673GRU v1.00b40 devices vulnerable to CVE-2018-19239?
Yes, TRENDnet TEW-673GRU v1.00b40 devices are vulnerable to CVE-2018-19239.
- collector/nvd-index
- vendor/trendnet
- product/tew-673gru firmware
- canonical/trendnet tew-673gru firmware
- product/tew-673gru
- canonical/trendnet tew-673gru