Null Pointer Dereference Vulnerability in TRENDnet Wireless Access Points
CVE-2021-28843

7.5HIGH

Key Information:

Vendor: Trendnet
Status: Tew-755ap Firmware
Vendor: CVE Published:; 10 August 2021

What is CVE-2021-28843?

A null pointer dereference vulnerability has been identified in specific TRENDnet wireless access points, including models TEW-755AP and TEW-821DAP2KAC. The flaw arises when an attacker sends a POST request to the apply_cgi interface using an unknown action name, which can lead to unexpected behavior, potentially resulting in service disruptions or crashes. This vulnerability highlights the importance of securing network devices against improperly validated input to maintain overall system integrity.

References

https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ti...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Mar 19, 2021

Trendnet

What is CVE-2021-28843?

References

CVSS V3.1

Timeline