TRENDnet TV-IP121W Improper Authentication Vulnerability in Web Interface
Vulnerability
A critical vulnerability has been identified in the TRENDnet TV-IP121W network camera, specifically in version 1.1.1 Build 36. The issue resides within the web interface file '/admin/setup.cgi', where improper authentication allows remote attackers to access privileged functionalities without authorization. This vulnerability could lead to unauthorized manipulation of the device and exposure of sensitive information.
Impact
Exploitation of this vulnerability could result in unauthorized access to critical device functions and sensitive information. Attackers could manipulate device settings, disrupt services, or gain full control over the device by uploading malicious firmware.
Reproduction
The vulnerability can be reproduced by accessing the '/admin/setup.cgi' endpoint of the camera's web interface. No authentication is required, allowing for direct interaction with the device's privileged functionalities.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.