Lucene search

MitreCVE-2018-19241

HistoryDec 20, 2018 - 11:29 p.m.

CVE-2018-19241

2018-12-2023:29:01

CWE-119

mitre

web.nvd.nist.gov

cve-2018-19241

buffer overflow

trendnet

tv-ip110wn

tv-ip121wn

video.cgi

control flow hijacking

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).

Affected configurations

Nvd

Node

trendnettv-ip110wn_firmwareMatch1.2.2.64

trendnettv-ip110wn_firmwareMatch1.2.2.65

trendnettv-ip110wn_firmwareMatch1.2.2.68

AND

trendnettv-ip110wnMatch-

Node

trendnettv-ip121wn_firmwareMatch1.2.2.28

AND

trendnettv-ip121wnMatch-

VendorProductVersionCPE
trendnettv-ip110wn_firmware1.2.2.64cpe:2.3:o:trendnet:tv-ip110wn_firmware:1.2.2.64:*:*:*:*:*:*:*
trendnettv-ip110wn_firmware1.2.2.65cpe:2.3:o:trendnet:tv-ip110wn_firmware:1.2.2.65:*:*:*:*:*:*:*
trendnettv-ip110wn_firmware1.2.2.68cpe:2.3:o:trendnet:tv-ip110wn_firmware:1.2.2.68:*:*:*:*:*:*:*
trendnettv-ip110wn-cpe:2.3:h:trendnet:tv-ip110wn:-:*:*:*:*:*:*:*
trendnettv-ip121wn_firmware1.2.2.28cpe:2.3:o:trendnet:tv-ip121wn_firmware:1.2.2.28:*:*:*:*:*:*:*
trendnettv-ip121wn-cpe:2.3:h:trendnet:tv-ip121wn:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendnet	tv-ip110wn_firmware	1.2.2.64	cpe:2.3:o:trendnet:tv-ip110wn_firmware:1.2.2.64:::::::*
trendnet	tv-ip110wn_firmware	1.2.2.65	cpe:2.3:o:trendnet:tv-ip110wn_firmware:1.2.2.65:::::::*
trendnet	tv-ip110wn_firmware	1.2.2.68	cpe:2.3:o:trendnet:tv-ip110wn_firmware:1.2.2.68:::::::*
trendnet	tv-ip110wn	-	cpe:2.3:h:trendnet:tv-ip110wn:-:::::::*
trendnet	tv-ip121wn_firmware	1.2.2.28	cpe:2.3:o:trendnet:tv-ip121wn_firmware:1.2.2.28:::::::*
trendnet	tv-ip121wn	-	cpe:2.3:h:trendnet:tv-ip121wn:-:::::::*

References

packetstormsecurity.com/files/150693/TRENDnet-Command-Injection-Buffer-Overflow-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2018/Dec/21

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

Related for CVE-2018-19241