TRENDnet TEW-632BRP v1.010B31 devices have an OS command...
Critical severity
Unreviewed
Published
Jan 27, 2025
to the GitHub Advisory Database
•
Updated Jan 28, 2025
Description
Published by the National Vulnerability Database
Jan 27, 2025
Published to the GitHub Advisory Database
Jan 27, 2025
Last updated
Jan 28, 2025
TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request.
References