CVE-2019-13279

{"id": "CVE-2019-13279", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-10T17:15:12.710", "references": [{"url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13279", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled."}, {"lang": "es", "value": "El dispositivo TEW-827DRU hasta la versi\u00f3n de firmware 2.04B03 e incluida de TRENDnet, contiene m\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria al procesar la entrada del usuario para el asistente de configuraci\u00f3n, lo que permite a un usuario no autenticado ejecutar c\u00f3digo arbitrario. La vulnerabilidad se puede ejercer en la intranet local o remotamente, si la administraci\u00f3n remota est\u00e1 habilitada."}], "lastModified": "2024-11-21T04:24:36.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368", "versionEndIncluding": "2.04b03"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}