← back
CVE-2013-3365

CVE-2013-3365

EPSS 4.1%
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/27177unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.htmlhttp://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdf