CVE-2025-2959: TRENDnet TEW-410APB HTTP Request httpd sub_4019A0 null pointer dereference
Description
A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine problematische Schwachstelle wurde in TRENDnet TEW-410APB 1.3.06b ausgemacht. Dies betrifft die Funktion sub_4019A0 der Datei /usr/sbin/httpd der Komponente HTTP Request Handler. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-2959
CVSS Base Severity: HIGH
CVSS Base Score: 7.1
CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
Vendor: TRENDnet
Product: TEW-410APB
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.12% (probability of being exploited)
EPSS Percentile: 32.8% (scored less or equal to compared to others)
EPSS Date: 2025-04-28 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2959https://vuldb.com/?id.302012
https://vuldb.com/?ctiid.302012
https://vuldb.com/?submit.521725
https://docs.google.com/document/d/1PcJZQ364MQxz1eUt6PLnWIQYTLNuJ5_3/edit#heading=h.gjdgxs
https://drive.google.com/file/d/1idRNkvFHyh5vOxw2VIs2wcwdVOVLuqkG/view?usp=drive_link