CVE-2024-57590 Information

Description

TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface tp_sync.cgi\which allows remote attackers to execute arbitrary commands via parameter tp_server\ passed to the tp_sync.cgi\ binary through a POST request.

Reference

https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md