If a user can access this file and add their own credentials to the end of the file they would have root access on the router. Firmware versions affected are: 1.03, 1.02, 1.01, 1.00, 1.02B02, and 1.03B01.
Solution: Update to the latest firmware version.
CVE-2018-1786: Open Redirect in Trendnet TEW-828DR Wireless Router affected by Vulnerability: CVE-2018-1786
Routers from the TEW-828DR series released between November 2017 and January 2018 are vulnerable to Open Redirect. An attacker may exploit this issue to redirect users to arbitrary web sites by leveraging the vulnerable device's web browser.
In addition, this issue may be exploited by malicious attackers to inject external links into the web page of the vulnerable device. Firmware versions affected are: 1.0, 1.03, 1.02, 1.01, 1.00, 1.02B02, and 1.03B01.
Solution: Update to the latest firmware version.
CVE-2018-1794: Unauthenticated Remote Code Execution Vulnerability in Trendnet TEW-812DR Wireless Router affected by Vulnerability: CVE-2018-1794
TEW-812DR Wireless Router is vulnerable to Unauthenticated Remote Code Execution Vulnerability
This vulnerability could allow an unauthenticated attacker to execute arbitrary code on a vulnerable device. This vulnerability is exploitable by a remote attacker who can send crafted UDP packets to the vulnerable router's broadcast address and port. The vulnerability is fixed in firmware versions 1.03 and above.
In addition, this issue may be exploited by malicious attackers to inject external links into the web page of the vulnerable device. Firmware versions affected are: 1.0, 1.03, 1.02, 1.01, 1.00, 1.02B02, and 1.03B01.
Remote Code Execution Vulnerability in Trendnet TEW-812DR Wireless Router
A remote code execution vulnerability has been discovered in Trendnet TEW-812DR Wireless Router devices. An attacker may exploit this issue to execute remote commands on the vulnerable device with root privileges. Attacks can be carried out via a man-in-the-middle (MiTM) attack, or by directly connecting to the device and sending malicious payloads. This vulnerability affects firmware versions 1.0, 1.03, 1.02, 1.01, 1.00, 1.02B02, and 1.03B01 of the router's web interface firmware file
Solution: Update to the latest firmware version
Trendnet TEW-812DR Wireless Router
This vulnerability allows attackers to execute arbitrary code on vulnerable devices by tricking victims into visiting a specially crafted URL.
The vulnerability exists within Trendnet's TEW-812DR wireless router and is related to how certain pages are handled. An authenticated attacker could exploit this vulnerability by sending an already logged-in victim a link with malicious content that could cause the device to run arbitrary code in the context of the vulnerable user.
The affected firmware versions are: 1.0, 1.03, 1.02, 1.01, 1.00, 1.02B02, and 1.03B01
TEW-812DR Wireless Routers and Trendnet TEW-828DR Wireless Routers
Trendnet TEW-828DR Wireless Routers are vulnerable to remote unauthenticated code execution. An attacker may exploit this issue to execute arbitrary commands with root privileges on the vulnerable device.
In addition, this issue may be exploited by malicious attackers to inject external links into the web page of the vulnerable device. Firmware versions affected are: 1.0, 1.03, 1.02, 1.01, 1.00, 1.02B02, and 1.03B01.
Solution: Update to the latest firmware version.
Timeline
Published on: 08/28/2022 16:15:00 UTC
Last modified on: 09/01/2022 19:50:00 UTC