Cyber Resilience

CVE-2024-36728

HighPublic PoC

Published: 03 June 2024

Published
03 June 2024
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0399 88.7th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-36728 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Trendnet Tew-827Dru Firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 11.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

TRENDnet TEW-827DRU devices through firmware version 2.06B04 contain a stack-based buffer overflow in the ssi binary. The vulnerability, tracked as CVE-2024-36728 with CWE-121, is triggered when the device processes vlan_setting input containing an excessively long dns1 or dns2 value.

An authenticated attacker with network access can exploit the flaw by issuing a crafted POST request to apply.cgi. Successful exploitation grants the ability to execute arbitrary code, resulting in high impact to confidentiality and integrity according to the CVSS 8.1 rating.

The only available references consist of a technical report detailing the buffer overflow and proof-of-concept request; no vendor advisory or patch information is provided in the source material. The associated EPSS score has remained low, reaching a modest peak of 0.0514 before receding to 0.0399.

EU & UK References

Vulnerability details

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2…

more

key.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The stack-based buffer overflow in the ssi binary of the router's web interface (apply.cgi) enables an authenticated user to execute arbitrary code remotely via crafted POST requests, directly facilitating Exploitation of Remote Services.

Affected Assets

trendnet
tew-827dru firmware
≤ 2.06b04

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References