PT-2021-17959 · Trendnet · Trendnet Tew-821Dap2Kac+3
Published
2021-08-10
·
Updated
2021-08-16
·
CVE-2021-28843
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
TRENDnet TEW-755AP version 1.11B03
TRENDnet TEW-755AP2KAC version 1.11B03
TRENDnet TEW-821DAP2KAC version 1.11B03
TRENDnet TEW-825DAP version 1.11B03
Description:
A Null Pointer Dereference issue exists by sending a POST request to "apply cgi" with an unknown action name.
Recommendations:
For TRENDnet TEW-755AP version 1.11B03, avoid using unknown action names in the "apply cgi" endpoint until a fix is available.
For TRENDnet TEW-755AP2KAC version 1.11B03, restrict access to the "apply cgi" endpoint to prevent exploitation.
For TRENDnet TEW-821DAP2KAC version 1.11B03, consider disabling the "apply cgi" endpoint temporarily as a mitigation measure.
For TRENDnet TEW-825DAP version 1.11B03, refrain from sending POST requests with unknown action names to the "apply cgi" endpoint until the issue is resolved.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendnet Tew755Ap
Trendnet Tew-755Ap2Kac
Trendnet Tew-821Dap2Kac
Trendnet Tew-825Dap