CVE-2021-28844

Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03 by sending the POST request to apply_cgi via a do_graph_auth action without a session_id key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
trendnettew-755ap_firmware
1.11b03:b03
trendnettew-755ap2kac_firmware
1.11b03:b03
trendnettew-821dap2kac_firmware
1.11b03:b03
trendnettew-825dap_firmware
1.11b03:b03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf
https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf