Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32424 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2021-06-24 | 6.8 MEDIUM | 8.8 HIGH |
In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the router. | |||||
CVE-2021-32426 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2021-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. |