Cyber Posture

CVE-2024-46484

Critical · RCE

Published: 29 August 2025

Modified: 08 September 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0031 (54.4th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46484 is a critical-severity OS Command Injection (CWE-78) vulnerability in TRENDnet TV-IP410 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 45.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent: Directly prevents OS command injection by validating and sanitizing user inputs to the vulnerable /server/cgi-bin/testserv.cgi endpoint.
- prevent: Remediates the specific command injection flaw in TRENDnet TV-IP410 firmware vA1.0R through timely patching as referenced in vendor advisories.
- prevent: Enforces authentication and access controls on the unauthenticated CGI endpoint to block remote attackers from reaching the vulnerable component.

NVD Description

TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.

Deeper analysis [AI]

CVE-2024-46484 is an OS command injection vulnerability (CWE-78) affecting the TRENDnet TV-IP410 camera running firmware version vA1.0R. The issue exists in the /server/cgi-bin/testserv.cgi component, which allows attackers to inject and execute arbitrary operating system commands. Published on 2025-08-29, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.

The vulnerability can be exploited by any unauthenticated attacker with network access to the device, requiring low complexity and no user interaction. Successful exploitation enables arbitrary command execution on the underlying operating system, compromising confidentiality, integrity, and availability with high impact, potentially leading to full device takeover, data exfiltration, or further network pivoting.

Mitigation guidance and related details are referenced in advisories at http://trendnet.com and a GitHub gist at https://gist.github.com/powalll/682c1b81696888fd692e595598f2ae3e, which security practitioners should review for patching or workaround instructions.

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products

Vendor: trendnet
Product: tv-ip410 firmware
Version: a1.0r

CVEs Like This One

- CVE-2025-15471 (same vendor: Trendnet)
- CVE-2026-5353 (same vendor: Trendnet)
- CVE-2026-5355 (same vendor: Trendnet)
- CVE-2026-5351 (same vendor: Trendnet)
- CVE-2026-5354 (same vendor: Trendnet)
- CVE-2025-15472 (same vendor: Trendnet)
- CVE-2026-7609 (same vendor: Trendnet)
- CVE-2026-5352 (same vendor: Trendnet)
- CVE-2026-5183 (same vendor: Trendnet)
- CVE-2025-15137 (same vendor: Trendnet)
