First published: Tue Aug 10 2021
A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with the "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending a POST request to apply_cgi with a long and unknown key in the request body.
Credit: cve@mitre.org
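The argument-order defect described above, shown next to a corrected call, as an added example that is not the vendor's firmware code. `check_key`, `log_msg` and `MAX_KEY_LEN` are hypothetical names, and the buggy call in the comment is reconstructed from the advisory's wording, not taken from the binary.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEY_LEN 32 /* assumed limit; the firmware's real limit is not on the page */

/* format(printf, ...) makes GCC/Clang type-check each call against its
 * format string, so swapped arguments are rejected under -Werror=format. */
__attribute__((format(printf, 3, 4)))
static int log_msg(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Hypothetical handler step: returns 0 if the key name is accepted,
 * -1 if it is too long (the log message is written to dst). */
int check_key(const char *key, char *dst, size_t cap)
{
    size_t key_len = strlen(key);
    if (key_len <= MAX_KEY_LEN)
        return 0;

    /* Defect pattern from the advisory (arguments in the wrong order):
     *     fprintf(fp, "%s: key len = %d, too long\n", key_len, key);
     * %s then treats the integer length as a char pointer and reads
     * from that address, which typically crashes the process. */

    /* Corrected order; %.*s also caps how much of the key is logged. */
    log_msg(dst, cap, "%.*s: key len = %d, too long\n",
            MAX_KEY_LEN, key, (int)key_len);
    return -1;
}

int main(void)
{
    char key[41], msg[128];
    memset(key, 'A', sizeof key - 1); /* constructed over-long key name */
    key[sizeof key - 1] = '\0';
    if (check_key(key, msg, sizeof msg) != 0)
        fputs(msg, stderr);
    return 0;
}
```

Building firmware sources with `-Wformat -Werror=format` flags this class of mismatch at compile time for direct `fprintf` calls as well as for annotated wrappers.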
Affected Software | Affected Version | How to fix |
---|---|---|
Trendnet Tew-755ap Firmware | =1.11b03 | |
TRENDnet TEW-755AP | | |
Trendnet Tew-755ap2kac Firmware | =1.11b03 | |
Trendnet Tew-755ap2kac | | |
Trendnet Tew-821dap2kac Firmware | =1.11b03 | |
Trendnet Tew-821dap2kac | | |
Trendnet Tew-825dap Firmware | =1.11b03 | |
Trendnet Tew-825dap | | |
CVE-2021-28846 is a Format String vulnerability in TRENDnet TEW-755AP, TEW-755AP2KAC, TEW-821DAP2KAC, and TEW-825DAP firmware versions 1.11B03.
The severity of CVE-2021-28846 is medium, with a CVSS severity score of 6.5.
CVE-2021-28846 occurs due to a Format String vulnerability in the fprintf function with "%s: key len = %d, too long".
The affected software versions include TRENDnet TEW-755AP firmware 1.11B03, TEW-755AP2KAC firmware 1.11B03, TEW-821DAP2KAC firmware 1.11B03, and TEW-825DAP firmware 1.11B03.
No, TRENDnet TEW-755AP and TEW-755AP2KAC are not vulnerable to CVE-2021-28846.