Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-23120: Customer Support | TRENDnet

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

CVE
#vulnerability#web#buffer_overflow#hard_coded_credentials#auth#wifi
  • TWG-431BR VPN ROUTER AND TEW-740APBO V3.XR WIRELESS ACCESS POINT AUTHENTICATED COMMAND INJECTION VULNERABILITY AND KNOWN VULNERABILITIES IN CLI
    1/26/2023

  • TRENDnet is aware of the command injection vulnerability and known vulnerabilities in CLI with TWG-431BR and TEW-740APBO hardware version 3.xR. To exploit these vulnerabilities, the attacker would need to know the device’s management interface login user name and password. When exploited successfully, the attacker can compromise the device.

    TRENDnet has released firmware updates to address these vulnerabilities

  • TEW-820AP WIRELESS AC EASY-UPGRADER BUFFER OVERFLOW VULNERABILITIES
    11/2/2022

  • TRENDnet is aware of the possible buffer overflow vulnerabilities involving the TEW-820AP Wireless AC Easy-Upgrader that could allow a malicious cyber attacker to take over the device and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to verify or resolve these vulnerabilities.

    TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.

  • FRAGMENT and FORGE VULNERABILITIES (FRAGATTACKS) AGAINST SOME WI-FI DEVICES
    8/17/2021

  • TRENDnet is aware of a series of published vulnerabilities known as FragAttacks in IEEE 802.11 standard Wi-Fi devices. The affected products are mainly wireless Access Points and Wireless Routers. To exploit these vulnerabilities, the attacker would need to connect to your Wi-Fi network. When exploited successfully, the attacker can extract data from the network, which can lead to additional exploits of your other network devices.

    TRENDnet has released firmware updates to address these vulnerabilities for the following products, please click on the link to go to the corresponding product’s download page.

  • TEW-714TRU TRAVEL ROUTER AUTHENTICATION BYPASS, HARD-CODED CREDENTIALS, AND UNRESTRICTED FILE WRITE VULNERABILITIES
    8/17/2021

  • TRENDnet is aware of the vulnerabilities involving the TEW-714TRU Wireless Travel Router that could allow a malicious cyber attacker to take over the router and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to resolve these vulnerabilities.

    TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.

  • WEB SERVER DIRECTORY TRAVERSAL ARBITRARY FILE ACCESS VULNERABILITY IN WEB SMART SWITCH TEG-30284 HARDWARE VERSION: 1.0R
    7/22/2021
  • TRENDnet recently received a report stating a possible Web Server Directory Traversal Arbitrary File Access vulnerability in the 28-Port Gigabit Web Smart Switch, model TEG-30284, Hardware Version: 1.0R. An attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907