CVE-2013-3365
published 2014-02-04CVE-2013-3365: TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to…
PriorityP258high8.5CVSS 2.0
AVNACMAuSCCICAC
EXPLOIT
EPSS
4.06%
89.4th percentile
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP POST requests containing shell metacharacters in form fields submitted to the vulnerable ASP endpoints (internet/ipv6.asp, adm/management.asp, internet/wan.asp, adm/time.asp) on TRENDnet TEW-812DRU devices. ↗
- →Vectors NtpDstStart, NtpDstEnd, and NtpDstOffset (adm/time.asp) can be exploited by unauthenticated remote attackers — monitor for unauthenticated POST requests to adm/time.asp with shell metacharacters in those fields. ↗
- →The exploit is delivered as a CSRF attack via a malicious web page — look for cross-origin form submissions targeting the router's management interface from external origins. ↗
- ·The NtpDstStart, NtpDstEnd, and NtpDstOffset injection vectors (adm/time.asp) are exploitable without authentication when CVE-2013-3098 (CSRF bypass) is also present — treat these as unauthenticated RCE in combined-vulnerability scenarios. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.htmlhttp://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdfhttp://infosec42.blogspot.com/2013/07/exploit-trendnet-tew-812dru-csrfcommand.htmlhttp://securityevaluators.com/content/case-studies/routers/Vulnerability_Catalog.pdf
2014-02-04
Published