CVE-2025-2959

Public Exploit

TRENDnet TEW-410APB HTTP Request httpd sub_4019A0 null pointer dereference

Description

A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Link	Tags
https://vuldb.com/?id.302012	third party advisory vdb entry technical description
https://vuldb.com/?ctiid.302012	signature vdb entry permissions required
https://vuldb.com/?submit.521725	third party advisory vdb entry
https://docs.google.com/document/d/1PcJZQ364MQxz1eUt6PLnWIQYTLNuJ5_3/edit#heading=h.gjdgxs	exploit related
https://drive.google.com/file/d/1idRNkvFHyh5vOxw2VIs2wcwdVOVLuqkG/view?usp=drive_link	exploit

Frequently Asked Questions

What is the severity of CVE-2025-2959?: CVE-2025-2959 has been scored as a high severity vulnerability.
How to fix CVE-2025-2959?: To fix CVE-2025-2959, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-2959 being actively exploited in the wild?: It is possible that CVE-2025-2959 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-2959?: CVE-2025-2959 affects TRENDnet TEW-410APB.

Description

Categories

CWE-404 – Improper Resource Shutdown or Release

CWE-476 – NULL Pointer Dereference

References

Frequently Asked Questions