CVE-2020-14080
moderate-risk
Published 2020-06-15
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.
Do I need to act?
~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Third Party Advisory
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping...
Third Party Advisory
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_ove...
Third Party Advisory
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/TRENDnet-ping...
Third Party Advisory
https://github.com/kuc001/IoTFirmware/blob/master/Trendnet/TEW-827/ping_test_ove...
44
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
5/34 · Minimal