CVE-2018-19242 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tew-632brp Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

8.8HIGHNVD

EPSS

2.9%

top 13.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendnet Tew-632brp Firmware Trendnet Tew-673gru Firmware

Timeline

PublishedDec 20

Latest updateMay 14

Description

Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendnet/tew-632brp_firmware1.010b32

▶NVDtrendnet/tew-673gru_firmware1.00b40

🔴Vulnerability Details

GHSA

GHSA-x39m-5345-h729: Buffer overflow in apply↗2022-05-14

▶

OSV

sqlite3 vulnerabilities↗2019-12-02

▶

CVEList

CVE-2018-19242: Buffer overflow in apply↗2018-12-20

▶