Vulnerabilities > CVE-2021-28843 - NULL Pointer Dereference vulnerability in Trendnet products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

trendnet

CWE-476

NVD

Published: 2021-08-10

Updated: 2021-08-16

Summary

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi with an unknown action name.

Vulnerable Configurations

Part	Description	Count
OS	Trendnet Trendnet TEW 755Ap Firmware 1.11B03 Trendnet TEW 755Ap2Kac Firmware 1.11B03 Trendnet TEW 821Dap2Kac Firmware 1.11B03 Trendnet TEW 825Dap Firmware 1.11B03	4
Hardware	Trendnet Trendnet TEW 755Ap - Trendnet TEW 755Ap2Kac - Trendnet TEW 821Dap2Kac - Trendnet TEW 825Dap -	4

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf