CVE-2021-28842

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-755AP version 1.11B03 TRENDnet TEW-755AP2KAC version 1.11B03 TRENDnet TEW-821DAP2KAC version 1.11B03 TRENDnet TEW-825DAP version 1.11B03

Description: A Null Pointer Deference issue exists, which could allow a remote malicious user to cause a denial of service by sending a POST request to "apply cgi" via action "do graph auth" without the login name key.

Recommendations: For TRENDnet TEW-755AP version 1.11B03, consider disabling the "do graph auth" action in the "apply cgi" endpoint until a patch is available. For TRENDnet TEW-755AP2KAC version 1.11B03, restrict access to the "apply cgi" endpoint to minimize the risk of exploitation. For TRENDnet TEW-821DAP2KAC version 1.11B03, avoid using the "do graph auth" action in the "apply cgi" endpoint without the login name key until the issue is resolved. For TRENDnet TEW-825DAP version 1.11B03, as a temporary workaround, consider restricting access to the "apply cgi" endpoint until a patch is available.