CVE-2021-28846 - OpenCVE

A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with "%s: key len = %d, too long\n" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Trendnet	Tew-821dap2kac Firmware Tew-755ap Tew-755ap2kac Firmware Tew-825dap Firmware Tew-755ap Firmware Tew-825dap Tew-755ap2kac Tew-821dap2kac

Configuration 1 [-]

AND

cpe:2.3:o:trendnet:tew-755ap_firmware:1.11b03:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-755ap:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:trendnet:tew-755ap2kac_firmware:1.11b03:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-755ap2kac:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:trendnet:tew-821dap2kac_firmware:1.11b03:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-821dap2kac:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:trendnet:tew-825dap_firmware:1.11b03:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-825dap:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-10T19:22:31

Updated: 2021-08-10T19:22:31

Reserved: 2021-03-19T00:00:00

Link: CVE-2021-28846

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-10T20:15:08.417

Modified: 2021-08-19T17:12:10.670

Link: CVE-2021-28846

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with \"%s: key len = %d, too long\\n\" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-10T19:22:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28846", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with \"%s: key len = %d, too long\\n\" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf", "refsource": "MISC", "url": "https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28846", "datePublished": "2021-08-10T19:22:31", "dateReserved": "2021-03-19T00:00:00", "dateUpdated": "2021-08-10T19:22:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-755ap_firmware:1.11b03:*:*:*:*:*:*:*", "matchCriteriaId": "CA501A20-8560-4D43-9879-EE82620EB46E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-755ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "05525ACA-056A-4CC9-B012-C33BFF6C223F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-755ap2kac_firmware:1.11b03:*:*:*:*:*:*:*", "matchCriteriaId": "49A6918E-F09C-4D8C-90D7-B8FA7368FB44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-755ap2kac:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8D2890D-367F-4243-833C-394322465EE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-821dap2kac_firmware:1.11b03:*:*:*:*:*:*:*", "matchCriteriaId": "C2861898-3D54-49E8-A991-C38286E308DC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-821dap2kac:-:*:*:*:*:*:*:*", "matchCriteriaId": "80556924-8C4F-41BA-961A-6CB107C0D986", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trendnet:tew-825dap_firmware:1.11b03:*:*:*:*:*:*:*", "matchCriteriaId": "99DAEB6A-ADDC-4D5E-AE2B-4BD80937BD7A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:trendnet:tew-825dap:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E9C0938-FDAF-424E-951A-02665AD3EFB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service due to a logic bug at address 0x40dcd0 when calling fprintf with \"%s: key len = %d, too long\\n\" format. The two variables seem to be put in the wrong order. The vulnerability could be triggered by sending the POST request to apply_cgi with a long and unknown key in the request body."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de cadena de formato en TRENDnet TEW-755AP versi\u00f3n 1.11B03, TEW-755AP2KAC versi\u00f3n 1.11B03, TEW-821DAP2KAC versi\u00f3n 1.11B03, y TEW-825DAP versi\u00f3n 1.11B03, que podr\u00eda permitir a un usuario remoto malicioso causar una denegaci\u00f3n de servicio debido a un error l\u00f3gico en la direcci\u00f3n 0x40dcd0 cuando se llama a fprintf con el formato \"%s: key len = %d, too long\\n\". Las dos variables parecen estar puestas en el orden incorrecto. La vulnerabilidad podr\u00eda activarse mediante el env\u00edo de una petici\u00f3n POST a la funci\u00f3n apply_cgi con una clave larga y desconocida en el cuerpo de la petici\u00f3n"}], "id": "CVE-2021-28846", "lastModified": "2021-08-19T17:12:10.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-10T20:15:08.417", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/zyw-200/EQUAFL/blob/main/TRENDnet%20ticket.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}