nvd-json-data-feeds/CVE-2019/CVE-2019-132xx/CVE-2019-13276.json

{
  "id": "CVE-2019-13276",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-07-10T17:15:12.337",
  "lastModified": "2020-08-24T17:37:01.140",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string when POSTing to any valid cgi, txt, asp, or js file. The vulnerability can be exercised on the local intranet or remotely if remote administration is enabled."
    },
    {
      "lang": "es",
      "value": "El dispositivo TEW-827DRU hasta la versi\u00f3n de firmware 2.04B03 e incluida de TRENDnet, contiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el binario ssi. El desbordamiento permite a un usuario no identificado ejecutar c\u00f3digo arbitrario proporcionando una cadena de consulta suficientemente larga durante el POSTing de cualquier archivo cgi, txt, asp o js v\u00e1lido. La vulnerabilidad puede ser ejercida en la intranet local o remotamente, si la administraci\u00f3n remota est\u00e1 habilitada."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:trendnet:tew-827dru_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.04b03",
              "matchCriteriaId": "D82CCAA8-61AC-4695-BCF8-CDFEC3D72368"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:trendnet:tew-827dru:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6A79A7-46A7-446F-B512-4C75B5C214CE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/fuzzywalls/TRENDNetExploits/tree/master/CVE-2019-13276",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}