{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2957", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-29T19:51:42.510Z", "datePublished": "2025-03-30T19:00:07.178Z", "dateUpdated": "2025-04-01T14:36:56.637Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-30T19:00:07.178Z"}, "title": "TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "TRENDnet", "product": "TEW-411BRP+", "versions": [{"version": "2.07", "status": "affected"}], "modules": ["HTTP Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in TRENDnet TEW-411BRP+ 2.07 ausgemacht. Es betrifft die Funktion sub_401DB0 der Datei /usr/sbin/httpd der Komponente HTTP Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "timeline": [{"time": "2025-03-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-29T20:57:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zhongwei gu (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.302010", "name": "VDB-302010 | TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302010", "name": "VDB-302010 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.521719", "name": "Submit #521719 | TRENDnet Router TEW-411BRP+ firmware 2.07 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://docs.google.com/document/d/1NnvweBsYJQ0MGwBvpi5aAe69g8g5PaNL/edit#heading=h.gjdgxs", "tags": ["related"]}, {"url": "https://drive.google.com/file/d/1Hq3-cTke0SeJguNpop-jpzMtoCHkg9Cb/view?usp=drive_link", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T14:15:33.347925Z", "id": "CVE-2025-2957", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T14:36:56.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2957", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-31T14:15:33.347925Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T14:15:54.254Z"}}], "cna": {"title": "TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference", "credits": [{"lang": "en", "type": "reporter", "value": "zhongwei gu (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}], "affected": [{"vendor": "TRENDnet", "modules": ["HTTP Request Handler"], "product": "TEW-411BRP+", "versions": [{"status": "affected", "version": "2.07"}]}], "timeline": [{"lang": "en", "time": "2025-03-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-29T20:57:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.302010", "name": "VDB-302010 | TRENDnet TEW-411BRP+ HTTP Request httpd sub_401DB0 null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302010", "name": "VDB-302010 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.521719", "name": "Submit #521719 | TRENDnet Router TEW-411BRP+ firmware 2.07 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://docs.google.com/document/d/1NnvweBsYJQ0MGwBvpi5aAe69g8g5PaNL/edit#heading=h.gjdgxs", "tags": ["related"]}, {"url": "https://drive.google.com/file/d/1Hq3-cTke0SeJguNpop-jpzMtoCHkg9Cb/view?usp=drive_link", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in TRENDnet TEW-411BRP+ 2.07 ausgemacht. Es betrifft die Funktion sub_401DB0 der Datei /usr/sbin/httpd der Komponente HTTP Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-30T19:00:07.178Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2957", "state": "PUBLISHED", "dateUpdated": "2025-04-01T14:36:56.637Z", "dateReserved": "2025-03-29T19:51:42.510Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-30T19:00:07.178Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en TRENDnet TEW-411BRP+ 2.07. Se ha clasificado como problem\u00e1tica. La funci\u00f3n sub_401DB0 del archivo /usr/sbin/httpd del componente HTTP Request Handler est\u00e1 afectada. La manipulaci\u00f3n provoca la desreferenciaci\u00f3n de puntero nulo. El ataque solo puede iniciarse dentro de la red local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-2957", "lastModified": "2025-04-01T20:26:30.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-30T19:15:14.933", "references": [{"source": "cna@vuldb.com", "url": "https://docs.google.com/document/d/1NnvweBsYJQ0MGwBvpi5aAe69g8g5PaNL/edit#heading=h.gjdgxs"}, {"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1Hq3-cTke0SeJguNpop-jpzMtoCHkg9Cb/view?usp=drive_link"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.302010"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.302010"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.521719"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}