CVE-2025-2956

A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.google.com/document/d/16iWGXHpmlwJ0GAOi458YlpR56McCvDcN/edit#heading=h.gjdgxs
https://drive.google.com/file/d/1irEQCJRvcJbh1PdPbk0PRwJB8-fc5mYR/view?usp=sharing
https://vuldb.com/?ctiid.302009
https://vuldb.com/?id.302009
https://vuldb.com/?submit.521717

Configurations

No configuration.

History

30 Mar 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-30 18:15

Updated : 2025-03-30 18:15

NVD link : CVE-2025-2956

Mitre link : CVE-2025-2956

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

CWE-404

Improper Resource Shutdown or Release

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://docs.google.com/document/d/16iWGXHpmlwJ0GAOi458YlpR56McCvDcN/edit#heading=h.gjdgxs", "name": "https://docs.google.com/document/d/16iWGXHpmlwJ0GAOi458YlpR56McCvDcN/edit#heading=h.gjdgxs", "tags": [], "refsource": ""}, {"url": "https://drive.google.com/file/d/1irEQCJRvcJbh1PdPbk0PRwJB8-fc5mYR/view?usp=sharing", "name": "https://drive.google.com/file/d/1irEQCJRvcJbh1PdPbk0PRwJB8-fc5mYR/view?usp=sharing", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.302009", "name": "VDB-302009 | CTI Indicators (IOB, IOC, IOA)", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?id.302009", "name": "VDB-302009 | TRENDnet TI-G102i HTTP Request lighttpd plugins_call_handle_uri_raw null pointer dereference", "tags": [], "refsource": ""}, {"url": "https://vuldb.com/?submit.521717", "name": "Submit #521717 | TRENDnet Router FW_TI_G102i_v1_1.0.8.S0_/FW_TI_G642i_v1_1.0.7.S0_ NULL Pointer Dereference", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-476"}, {"lang": "en", "value": "CWE-404"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-2956", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2025-03-30T18:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-30T18:15Z"}