CVE-2024-57590 — Command Injection in Tew-632brp Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 26.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendnet Tew-632brp Firmware

Timeline

PublishedJan 27

Description

TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtrendnet/tew-632brp_firmware1.010b31

🔴Vulnerability Details

GHSA

GHSA-3v4j-7fgr-fp96: TRENDnet TEW-632BRP v1↗2025-01-27

▶

CVEList

CVE-2024-57590: TRENDnet TEW-632BRP v1↗2025-01-27

▶