PT-2025-13631 · Trendnet · Trendnet Tew-410Apb
Zhongwei Gu
·
Published
2025-03-30
·
Updated
2025-04-01
·
CVE-2025-2959
CVSS v4.0
7.1
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
TRENDnet TEW-410APB version 1.3.06b
Description
A vulnerability was found in the HTTP Request Handler component, specifically affecting the function
sub 4019A0 of the file /usr/sbin/httpd. This issue leads to a null pointer dereference. The attack must be initiated within the local network.Recommendations
For TRENDnet TEW-410APB version 1.3.06b, as a temporary workaround, consider disabling the
sub 4019A0 function until a patch is available. Restrict access to the HTTP Request Handler component to minimize the risk of exploitation.Exploit
Fix
Improper Resource Release
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Trendnet Tew-410Apb