Login Sign Up

CVE-2024-0918

7.2 HIGH
Remote Code Execution

📋 TL;DR

This critical vulnerability in TRENDnet TEW-800MB routers allows remote attackers to execute arbitrary operating system commands by manipulating the DeviceURL parameter in POST requests. Attackers can gain full control of affected devices without authentication. Only TRENDnet TEW-800MB routers running firmware version 1.0.1.0 are affected.

💻 Affected Systems

Products:
  • TRENDnet TEW-800MB
Versions: 1.0.1.0
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable by default. No special configuration required.

📦 What is this software?

Tew 800mb Firmware by Trendnet

View all CVEs affecting Tew 800mb Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept all network traffic, or brick the device.

🟠

Likely Case

Attackers gain shell access to execute commands, potentially installing cryptocurrency miners, botnet malware, or network sniffers.

🟢

If Mitigated

No impact if device is patched or properly isolated from untrusted networks.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing devices immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this, but requires network access to the device.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available. Simple HTTP POST request with command injection payload required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider replacing affected devices.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate TRENDnet TEW-800MB devices from untrusted networks and internet access

Access Control Lists

all

Restrict HTTP/HTTPS access to device management interface to trusted IP addresses only

🧯 If You Can't Patch

  • Replace affected TRENDnet TEW-800MB routers with different models from vendors providing security updates
  • Deploy network monitoring to detect exploitation attempts and unusual outbound connections from the router

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[router-ip]/status.asp or via serial console

Check Version:

curl -s http://[router-ip]/status.asp | grep -i firmware

Verify Fix Applied:

No fix available to verify. Only complete mitigation is device replacement.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to device management interface with shell metacharacters in DeviceURL parameter
  • Router logs showing command execution or configuration changes

Network Indicators:

  • HTTP POST requests containing shell commands (;, |, &, $, etc.) in URL parameters
  • Unusual outbound connections from router to external IPs

SIEM Query:

http.method:POST AND http.uri:*DeviceURL* AND (http.uri:*;* OR http.uri:*|* OR http.uri:*&* OR http.uri:*`* OR http.uri:*$*)

📊 Metadata

CVE ID: CVE-2024-0918
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: January 26, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0918, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)