TV-IP422W WIRELESS NETWORK CAMERA REMOTE CODE EXECUTION VULNERABILITY
TRENDnet is aware of a possible Remote Code Execution (RCE) vulnerability involving TV-IP422W Wireless Network Camera that could allow a malicious cyber attacker to take over the camera and gain access to its operating system; however, this product has reached its End of Life (EOL) and End of Support, and TRENDnet is unable to verify the vulnerability or provide additional support. TRENDnet recommends customer to retire the product to prevent risk of devices possibly connected to it.
TEW-841APO and TEW-840APBO WIRELESS ACCESS POINT lighttpd WEB SERVER VULNERABILITY PATCH
TRENDnet has posted new firmware for TEW-840APBO and TEW-841APBO wireless Access Points. The firmware updates the Access Point's lighttpd web server to version 1.4.54, which addresses vulnerabilities.
TEW-827DRU WIRELESS ROUTER COMMAND INJECTION VULNERABILITIES
TRENDnet has received report of the command injection vulnerability and known vulnerabilities in the cgi interface with TEW-827DRU hardware version 2.xR Firmware 2.10.B01 and earlier. When exploited successfully, the attacker can have root access to the device. TRENDnet has released firmware update to address these vulnerabilities, please click on the link below to go to the product's download page. Or, you can login to the device's management (http://TEW-827DRU) and click on the new firmware available notification on the upper right hand side to perform the firmware upgrade.
INDOOR WIRELESS ACCESS POINTS BUFFER OVERFLOW AND COMMAND INJECTION VULNERABILITIES
TRENDnet is aware of the buffer overflow and command injection vulnerabilities involving the TEW-821DAP Version 2.0R AC1200 Wireless Access Point that could allow a malicious cyber attacker to take over the device and gain access to its operating system.
TEW-821DAP hardware version V2.xR, firmware version 3.01B02 and earlier
TEW-825DAP hardware version v1.xR, firmware version 2.02B01 and earlier
TEW-826DAP hardware version v1.xR, firmware version 2.00B08 and earlier
TEW-921DAP hardware version v1.xR, firmware version 2.13B02 and earlier
IP CAMERAS COMMAND INJECTION AND BUFFER OVERFLOW VULNERABILITIES WITH TV-IP314PI VERSION V2.0R, TV-IP315PI VERSION V2.0R, TV-IP323PI, TV-IP326PI, TV-IP327PI, TV-IP1313PI, TV-IP1314PI, TV-IP1315PI, TV-IP1318PI, AND TV-IP1319PI
TRENDnet has received report of command injection and buffer overflow vulnerabilities involving the IP cameras listed below that could allow a malicious cyber attacker to take over the device and gain access to its operating system.
TEW-755AP, TEW-821DAP, AND TEW-825DAP HARDWARE VERSION V1.XR WIRELESS ACCESS POINT BUFFER OVERFLOW VULNERABILITIES
TRENDnet has received report of buffer overflow vulnerabilities involving the TEW-755AP, TEW-821DAP, and TEW-825DAP wireless Access Points with hardware version V1.xR that could allow a malicious cyber attacker to take over the device and gain access to its operating system.
TWG-431BR VPN ROUTER AND TEW-740APBO V3.XR WIRELESS ACCESS POINT AUTHENTICATED COMMAND INJECTION VULNERABILITY AND KNOWN VULNERABILITIES IN CLI
TRENDnet is aware of the command injection vulnerability and known vulnerabilities in CLI with TWG-431BR and TEW-740APBO hardware version 3.xR. To exploit these vulnerabilities, the attacker would need to know the device's management interface login user name and password. When exploited successfully, the attacker can compromise the device.
TRENDnet has released firmware updates to address these vulnerabilities
TEW-820AP WIRELESS AC EASY-UPGRADER BUFFER OVERFLOW VULNERABILITIES
TRENDnet is aware of the possible buffer overflow vulnerabilities involving the TEW-820AP Wireless AC Easy-Upgrader that could allow a malicious cyber attacker to take over the device and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to verify or resolve these vulnerabilities.
TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.
FRAGMENT and FORGE VULNERABILITIES (FRAGATTACKS) AGAINST SOME WI-FI DEVICES
TRENDnet is aware of a series of published vulnerabilities known as FragAttacks in IEEE 802.11 standard Wi-Fi devices. The affected products are mainly wireless Access Points and Wireless Routers. To exploit these vulnerabilities, the attacker would need to connect to your Wi-Fi network. When exploited successfully, the attacker can extract data from the network, which can lead to additional exploits of your other network devices.
TRENDnet has released firmware updates to address these vulnerabilities for the following products, please click on the link to go to the corresponding product’s download page.
TEW-714TRU TRAVEL ROUTER AUTHENTICATION BYPASS, HARD-CODED CREDENTIALS, AND UNRESTRICTED FILE WRITE VULNERABILITIES
TRENDnet is aware of the vulnerabilities involving the TEW-714TRU Wireless Travel Router that could allow a malicious cyber attacker to take over the router and gain access to its operating system; however, this product has reached its End of Life (EoL) and End of Support, and TRENDnet is unable to provide support to resolve these vulnerabilities.
TRENDnet recommends customers to retire this product to prevent the risk of devices possibly connecting to it.