Zhongwei Gu

**Name of the Vulnerable Software and Affected Versions** TRENDnet TI-G102i versions 1.0.7.S0 through 1.0.8.S0 **Description** A vulnerability was found in the HTTP Request Handler component, affecting the function `plugins call handle uri raw` of the file `/usr/sbin/lighttpd`. This issue leads to a null pointer dereference. The attack can only be done within the local network. **Recommendations** For TRENDnet TI-G102i versions 1.0.7.S0 through 1.0.8.S0 , as a temporary workaround, consider disabling the `plugins call handle uri raw` function until a patch is available. Restrict access to the `/usr/sbin/lighttpd` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-411BRP+ version 2.07 **Description** A vulnerability was found in the HTTP Request Handler component, specifically affecting the function `sub 401DB0` of the file `/usr/sbin/httpd`. This issue leads to a null pointer dereference. The attack can only be initiated within the local network. **Recommendations** For TRENDnet TEW-411BRP+ version 2.07, as a temporary workaround, consider disabling the `sub 401DB0` function until a patch is available. Restrict access to the `/usr/sbin/httpd` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-818DRU version 1.0.14.6 **Description** A vulnerability was found in the TRENDnet TEW-818DRU, affecting an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider restricting access to the HTTP Request Handler component until a patch is available. Avoid using the affected functionality of the file /usr/sbin/httpd until the issue is resolved. Restrict access to the local network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-410APB version 1.3.06b **Description** A vulnerability was found in the HTTP Request Handler component, specifically affecting the function `sub 4019A0` of the file `/usr/sbin/httpd`. This issue leads to a null pointer dereference. The attack must be initiated within the local network. **Recommendations** For TRENDnet TEW-410APB version 1.3.06b, as a temporary workaround, consider disabling the `sub 4019A0` function until a patch is available. Restrict access to the HTTP Request Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TRENDnet TEW-637AP versions 1.2.7 through 1.3.0.106 TRENDnet TEW-638APB versions 1.2.7 through 1.3.0.106 **Description** A problematic vulnerability has been found in the HTTP Request Handler component of the affected devices. This issue affects the `sub 41DED0` function of the `/bin/goahead` file, leading to a null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public. **Recommendations** For TRENDnet TEW-637AP versions 1.2.7 through 1.3.0.106, consider disabling the `sub 41DED0` function of the `/bin/goahead` file as a temporary workaround until a patch is available. For TRENDnet TEW-638APB versions 1.2.7 through 1.3.0.106, consider disabling the `sub 41DED0` function of the `/bin/goahead` file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.