CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2025-2960 – TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2960
30 Mar 2025 — A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. • https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2959 – TRENDnet TEW-410APB HTTP Request httpd sub_4019A0 null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2959
30 Mar 2025 — A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. • https://docs.google.com/document/d/1PcJZQ364MQxz1eUt6PLnWIQYTLNuJ5_3/edit#heading=h.gjdgxs • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2958 – TRENDnet TEW-818DRU HTTP Request httpd denial of service
https://notcve.org/view.php?id=CVE-2025-2958
30 Mar 2025 — A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. • https://vuldb.com/?id.302011 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2957 – TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2957
30 Mar 2025 — A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. • https://docs.google.com/document/d/1NnvweBsYJQ0MGwBvpi5aAe69g8g5PaNL/edit#heading=h.gjdgxs • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2956 – TRENDnet TI-G102i HTTP Request lighttpd plugins_call_handle_uri_raw null pointer dereference
https://notcve.org/view.php?id=CVE-2025-2956
30 Mar 2025 — A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. • https://docs.google.com/document/d/16iWGXHpmlwJ0GAOi458YlpR56McCvDcN/edit#heading=h.gjdgxs • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51187
https://notcve.org/view.php?id=CVE-2024-51187
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Firewall_Rule/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51188
https://notcve.org/view.php?id=CVE-2024-51188
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Virtual_Server/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51189
https://notcve.org/view.php?id=CVE-2024-51189
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Filter/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51190
https://notcve.org/view.php?id=CVE-2024-51190
11 Nov 2024 — TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. • https://github.com/4hsien/CVE-vulns/blob/main/TRENDnet/TEW-652BRP/XSS_Special_AP/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42813
https://notcve.org/view.php?id=CVE-2024-42813
19 Aug 2024 — In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. • https://gist.github.com/XiaoCurry/204680035c1efffa27d14956820ad928 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •