cve-2025-2960
Vulnerability from cvelistv5
Published
2025-03-30 21:00
Modified
2025-03-31 14:28
Severity ?
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
0.02% (0.03441)
Summary
A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
cna@vuldb.comhttps://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs
cna@vuldb.comhttps://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link
cna@vuldb.comhttps://vuldb.com/?ctiid.302013
cna@vuldb.comhttps://vuldb.com/?id.302013
cna@vuldb.comhttps://vuldb.com/?submit.521727
134c704f-9b21-4f2e-91b3-4a467353bcc0https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs
Impacted products
Vendor Product Version
TRENDnet TEW-637AP Version: 1.2.7
Version: 1.3.0.106
 Create a notification for this product.
   TRENDnet TEW-638APB Version: 1.2.7
Version: 1.3.0.106
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-2960",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-31T14:28:18.223771Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-31T14:28:21.693Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            references: [
               {
                  tags: [
                     "exploit",
                  ],
                  url: "https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs",
               },
            ],
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               modules: [
                  "HTTP Request Handler",
               ],
               product: "TEW-637AP",
               vendor: "TRENDnet",
               versions: [
                  {
                     status: "affected",
                     version: "1.2.7",
                  },
                  {
                     status: "affected",
                     version: "1.3.0.106",
                  },
               ],
            },
            {
               modules: [
                  "HTTP Request Handler",
               ],
               product: "TEW-638APB",
               vendor: "TRENDnet",
               versions: [
                  {
                     status: "affected",
                     version: "1.2.7",
                  },
                  {
                     status: "affected",
                     version: "1.3.0.106",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "zhongwei gu (VulDB User)",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
            },
            {
               lang: "de",
               value: "Es wurde eine Schwachstelle in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion sub_41DED0 der Datei /bin/goahead der Komponente HTTP Request Handler. Durch Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
               },
            },
            {
               cvssV3_1: {
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
            {
               cvssV3_0: {
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            {
               cvssV2_0: {
                  baseScore: 6.1,
                  vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-404",
                     description: "Denial of Service",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-30T21:00:10.878Z",
            orgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
            shortName: "VulDB",
         },
         references: [
            {
               name: "VDB-302013 | TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference",
               tags: [
                  "vdb-entry",
                  "technical-description",
               ],
               url: "https://vuldb.com/?id.302013",
            },
            {
               name: "VDB-302013 | CTI Indicators (IOB, IOC, IOA)",
               tags: [
                  "signature",
                  "permissions-required",
               ],
               url: "https://vuldb.com/?ctiid.302013",
            },
            {
               name: "Submit #521727 | TRENDnet wi-fi access point TEW_637AP_V2_FW1.3.0.106/FW_TEW_638APB_V2_1.2.7 NULL Pointer Dereference",
               tags: [
                  "third-party-advisory",
               ],
               url: "https://vuldb.com/?submit.521727",
            },
            {
               tags: [
                  "related",
               ],
               url: "https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs",
            },
            {
               tags: [
                  "exploit",
               ],
               url: "https://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2025-03-29T00:00:00.000Z",
               value: "Advisory disclosed",
            },
            {
               lang: "en",
               time: "2025-03-29T01:00:00.000Z",
               value: "VulDB entry created",
            },
            {
               lang: "en",
               time: "2025-03-29T20:59:30.000Z",
               value: "VulDB entry last update",
            },
         ],
         title: "TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference",
      },
   },
   cveMetadata: {
      assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5",
      assignerShortName: "VulDB",
      cveId: "CVE-2025-2960",
      datePublished: "2025-03-30T21:00:10.878Z",
      dateReserved: "2025-03-29T19:54:20.214Z",
      dateUpdated: "2025-03-31T14:28:21.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2025-2960\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-03-30T21:15:32.143\",\"lastModified\":\"2025-04-01T20:26:30.593\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad clasificada como problemática en TRENDnet TEW-637AP y TEW-638APB 1.2.7/1.3.0.106. Esta vulnerabilidad afecta a la función sub_41DED0 del archivo /bin/goahead del componente HTTP Request Handler. La manipulación provoca la desreferenciación de puntero nulo. Este ataque requiere acceso a la red local. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":6.1,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"},{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"references\":[{\"url\":\"https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.302013\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.302013\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.521727\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
      vulnrichment: {
         containers: "{\"cna\": {\"title\": \"TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"zhongwei gu (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 6.1, \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:N/A:C\"}}], \"affected\": [{\"vendor\": \"TRENDnet\", \"modules\": [\"HTTP Request Handler\"], \"product\": \"TEW-637AP\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.7\"}, {\"status\": \"affected\", \"version\": \"1.3.0.106\"}]}, {\"vendor\": \"TRENDnet\", \"modules\": [\"HTTP Request Handler\"], \"product\": \"TEW-638APB\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.7\"}, {\"status\": \"affected\", \"version\": \"1.3.0.106\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-29T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-03-29T01:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-03-29T20:59:30.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.302013\", \"name\": \"VDB-302013 | TRENDnet TEW-637AP/TEW-638APB HTTP Request goahead sub_41DED0 null pointer dereference\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.302013\", \"name\": \"VDB-302013 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.521727\", \"name\": \"Submit #521727 | TRENDnet wi-fi access point TEW_637AP_V2_FW1.3.0.106/FW_TEW_638APB_V2_1.2.7 NULL Pointer Dereference\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs\", \"tags\": [\"related\"]}, {\"url\": \"https://drive.google.com/file/d/1SS7jsYBNl0faSOy_vH5tNn_xJJ_HA1xU/view?usp=drive_link\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine Schwachstelle in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion sub_41DED0 der Datei /bin/goahead der Komponente HTTP Request Handler. Durch Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"NULL Pointer Dereference\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"Denial of Service\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-03-30T21:00:10.878Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2960\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-31T14:28:18.223771Z\"}}}], \"references\": [{\"url\": \"https://docs.google.com/document/d/17FadWn-UWXjvcYNzDI4JRjag-lGUU9pJ/edit#heading=h.gjdgxs\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-03-31T14:28:04.521Z\"}}]}",
         cveMetadata: "{\"cveId\": \"CVE-2025-2960\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-30T21:00:10.878Z\", \"dateReserved\": \"2025-03-29T19:54:20.214Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-03-30T21:00:10.878Z\", \"assignerShortName\": \"VulDB\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.