ID

VAR-202503-2805


CVE

CVE-2025-2960


TITLE

NULL pointer dereference vulnerability in TRENDnet TEW-637AP and TEW-638APB firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-003578

DESCRIPTION

A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TRENDnet TEW-637AP and TEW-638APB firmware contains a NULL pointer dereference vulnerability. The service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2025-2960 // JVNDB: JVNDB-2025-003578

AFFECTED PRODUCTS

vendor: trendnet, model: tew-638apb, scope: eq, version: 1.3.0.106

Trust: 1.0

vendor: trendnet, model: tew-637ap, scope: eq, version: 1.2.7

Trust: 1.0

vendor: trendnet, model: tew-637ap, scope: -, version: -

Trust: 0.8

vendor: trendnet, model: tew-638apb, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-003578 // NVD: CVE-2025-2960

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-2960
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-003578
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-2960
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-003578
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-2960
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-003578
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-003578 // NVD: CVE-2025-2960

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:CWE-404

Trust: 1.0

problemtype: Improper shutdown and release of resources (CWE-404) [others]

Trust: 0.8

problemtype: NULL pointer dereference (CWE-476) [NVD evaluation]

Trust: 0.8

problemtype: NULL pointer dereference (CWE-476) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-003578 // NVD: CVE-2025-2960

EXTERNAL IDS

db: NVD, id: CVE-2025-2960

Trust: 2.6

db: VULDB, id: 302013

Trust: 1.8

db: JVNDB, id: JVNDB-2025-003578

Trust: 0.8

sources: JVNDB: JVNDB-2025-003578 // NVD: CVE-2025-2960

REFERENCES

url:https://docs.google.com/document/d/17fadwn-uwxjvcynzdi4jrjag-lguu9pj/edit#heading=h.gjdgxs

Trust: 1.8

url:https://drive.google.com/file/d/1ss7jsybnl0fasoy_vh5tnn_xjj_ha1xu/view?usp=drive_link

Trust: 1.8

url:https://vuldb.com/?id.302013

Trust: 1.8

url:https://vuldb.com/?submit.521727

Trust: 1.8

url:https://vuldb.com/?ctiid.302013

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-2960

Trust: 0.8

sources: JVNDB: JVNDB-2025-003578 // NVD: CVE-2025-2960

SOURCES

db: JVNDB, id: JVNDB-2025-003578
db: NVD, id: CVE-2025-2960

LAST UPDATE DATE

2025-04-18T23:40:21.614000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-003578, date: 2025-04-17T02:04:00
db: NVD, id: CVE-2025-2960, date: 2025-04-15T18:28:01.283

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-003578, date: 2025-04-17T00:00:00
db: NVD, id: CVE-2025-2960, date: 2025-03-30T21:15:32.143