CVE-2021-28841

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-755AP version 1.11B03 TRENDnet TEW-755AP2KAC version 1.11B03 TRENDnet TEW-821DAP2KAC version 1.11B03 TRENDnet TEW-825DAP version 1.11B03

Description: The issue allows a remote malicious user to cause a denial of service by sending a POST request to "apply cgi" via an action "ping test" without a ping ipaddr key. This could lead to a Null Pointer Dereference.

Recommendations: For TRENDnet TEW-755AP version 1.11B03, consider disabling the "apply cgi" endpoint until a patch is available. For TRENDnet TEW-755AP2KAC version 1.11B03, restrict access to the "apply cgi" endpoint to minimize the risk of exploitation. For TRENDnet TEW-821DAP2KAC version 1.11B03, avoid using the "ping test" action in the "apply cgi" endpoint without a ping ipaddr key until the issue is resolved. For TRENDnet TEW-825DAP version 1.11B03, as a temporary workaround, consider disabling the "apply cgi" endpoint via the "ping test" action until a patch is available.