CVE-2021-28846
Severity CVSS v4.0:
Pending analysis
Type:
CWE-134
Format String Vulnerability
Publication date:
10/08/2021
Last modified:
19/08/2021
Description
A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:trendnet:tew-755ap_firmware:1.11b03:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trendnet:tew-755ap:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:trendnet:tew-755ap2kac_firmware:1.11b03:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trendnet:tew-755ap2kac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:trendnet:tew-821dap2kac_firmware:1.11b03:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trendnet:tew-821dap2kac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:trendnet:tew-825dap_firmware:1.11b03:*:*:*:*:*:*:* | ||
| cpe:2.3:h:trendnet:tew-825dap:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page