CVE-2024-0920

Summary

CVE-2024-0920 is a recently disclosed critical vulnerability affecting TRENDnet TEW-822DRE 1.03B02. The issue lies within the POST Request Handler's /admin_ping.htm file, where manipulation of the ipv4_ping/ipv6_ping argument results in command injection. This vulnerability can be exploited remotely, giving attackers the ability to execute arbitrary commands. The exploit has been made public, increasing the threat level. The vulnerability identifier is VDB-252214, and despite early disclosure, the vendor has not responded to the issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.