CVE-2013-3365
Published: 2014-02-04


Priority: P2 (58)
CVSS 2.0: 8.5 (high), vector AV:N/AC:M/Au:S/C:C/I:C/A:C
Exploit: available
EPSS: 4.06% (89.4th percentile)
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.

Detection & IOCs (extracted from sources)

  • URL: internet/ipv6.asp
  • URL: adm/management.asp
  • URL: internet/wan.asp
  • URL: adm/time.asp
  • Monitor HTTP POST requests containing shell metacharacters in form fields submitted to the vulnerable ASP endpoints (internet/ipv6.asp, adm/management.asp, internet/wan.asp, adm/time.asp) on TRENDnet TEW-812DRU devices.
  • Vectors NtpDstStart, NtpDstEnd, and NtpDstOffset (adm/time.asp) can be exploited by unauthenticated remote attackers — monitor for unauthenticated POST requests to adm/time.asp with shell metacharacters in those fields.
  • The exploit is delivered as a CSRF attack via a malicious web page — look for cross-origin form submissions targeting the router's management interface from external origins.
  • The NtpDstStart, NtpDstEnd, and NtpDstOffset injection vectors (adm/time.asp) are exploitable without authentication when CVE-2013-3098 (CSRF bypass) is also present — treat these as unauthenticated RCE in combined-vulnerability scenarios.
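The detection guidance above, turned into a small checker over constructed sample traffic. This is an added example, not code from the CVE record or the vendor: it inspects POST bodies to the four named endpoints for shell metacharacters, restricts adm/time.asp to the three parameter names the advisory gives (the other endpoints name fields only by purpose, so all their fields are checked), rates adm/time.asp hits higher because they are reachable without authentication when chained with CVE-2013-3098, and flags cross-origin submissions. The router origin, the request record layout and the wan.asp field names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Shell metacharacters that have no business in these router configuration fields.
SHELL_META = re.compile(r"[;|&`$()<>\n]")
# Constructed: the router's own management origin; any other Origin on a POST is cross-origin (CSRF).
ROUTER_ORIGIN = "http://192.168.10.1"
# Endpoints named in CVE-2013-3365. Parameter names are given only for adm/time.asp; the advisory
# describes the other endpoints' fields by purpose, so every submitted field there is inspected.
WATCHED = {
    "/internet/ipv6.asp": set(),
    "/adm/management.asp": set(),
    "/internet/wan.asp": set(),
    "/adm/time.asp": {"NtpDstStart", "NtpDstEnd", "NtpDstOffset"},
}

def parse_form(body):
    """Decode a form body, splitting on '&' only so an encoded ';' inside a value survives."""
    fields = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        if name:
            fields.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return fields

def inspect_request(req):
    """Return findings for one request dict with keys method, path, body, authenticated, origin."""
    path = req["path"].split("?", 1)[0]
    if req["method"] != "POST" or path not in WATCHED:
        return []
    names, findings = WATCHED[path], []
    for name, values in parse_form(req["body"]).items():
        if (names and name not in names) or not any(SHELL_META.search(v) for v in values):
            continue
        # adm/time.asp fields are reachable with no session when chained with CVE-2013-3098.
        findings.append({"path": path, "field": name,
                         "severity": "critical" if path == "/adm/time.asp" else "high",
                         "authenticated": req["authenticated"],
                         "cross_origin": req.get("origin") not in (None, ROUTER_ORIGIN)})
    return findings

# Constructed sample traffic; the wan.asp field names are hypothetical.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/adm/time.asp", "authenticated": False, "origin": "http://attacker.example",
     "body": "NtpDstStart=2013-03-10%3Bx&NtpDstEnd=2013-11-03&NtpDstOffset=60"},
    {"method": "POST", "path": "/internet/wan.asp", "authenticated": True, "origin": ROUTER_ORIGIN,
     "body": "pptp_user=alice&pptp_pass=s3cret|x&gateway=192.168.1.1"},
    {"method": "POST", "path": "/adm/time.asp", "authenticated": True, "origin": ROUTER_ORIGIN,
     "body": "NtpDstStart=2013-03-10&NtpDstEnd=2013-11-03&NtpDstOffset=60"},
]
```

Running `inspect_request` over `SAMPLE_REQUESTS` yields two findings: a critical, unauthenticated, cross-origin hit on NtpDstStart and a high, authenticated hit on the wan.asp password field; the benign time.asp post produces nothing.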