PT-2021-17960 · Trendnet · Trendnet Tew-821Dap2Kac+3

Published

2021-08-10

·

Updated

2021-08-16

·

CVE-2021-28844

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-755AP version 1.11B03 TRENDnet TEW-755AP2KAC version 1.11B03 TRENDnet TEW-821DAP2KAC version 1.11B03 TRENDnet TEW-825DAP version 1.11B03
Description: A Null Pointer Dereference issue exists by sending a POST request to "apply cgi" via a do graph auth action without a session id key.
Recommendations: For TRENDnet TEW-755AP version 1.11B03, consider disabling the do graph auth action in the "apply cgi" endpoint until a patch is available. For TRENDnet TEW-755AP2KAC version 1.11B03, restrict access to the "apply cgi" endpoint to minimize the risk of exploitation. For TRENDnet TEW-821DAP2KAC version 1.11B03, avoid using the do graph auth action in the "apply cgi" endpoint without a session id key until the issue is resolved. For TRENDnet TEW-825DAP version 1.11B03, as a temporary workaround, consider restricting the use of the "apply cgi" endpoint until a fix is provided.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2021-28844

Affected Products

Trendnet Tew755Ap
Trendnet Tew-755Ap2Kac
Trendnet Tew-821Dap2Kac
Trendnet Tew-825Dap