CVE-2025-2958

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://docs.google.com/document/d/1DHUsUpeizmqFbJe_0SjsJvCFspPeFDaK/edit#heading=h.gjdgxs	Exploit Third Party Advisory
https://drive.google.com/file/d/1SbZ63uqg6QJYjPFcLY5wBqWrh-NMrnZq/view?usp=drive_link	Exploit
https://vuldb.com/?ctiid.302011	Permissions Required VDB Entry
https://vuldb.com/?id.302011	Third Party Advisory VDB Entry
https://vuldb.com/?submit.521723	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:trendnet:tew-818dru_firmware:1.0.14.6:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-818dru:-:*:*:*:*:*:*:*

History

18 Jul 2025, 15:50

Type	Values Removed	Values Added
First Time		Trendnet tew-818dru Firmware Trendnet Trendnet tew-818dru
CPE		cpe:2.3:h:trendnet:tew-818dru:-:::::::* cpe:2.3:o:trendnet:tew-818dru_firmware:1.0.14.6:::::::*
References	~~() https://docs.google.com/document/d/1DHUsUpeizmqFbJe_0SjsJvCFspPeFDaK/edit#heading=h.gjdgxs -~~	() https://docs.google.com/document/d/1DHUsUpeizmqFbJe_0SjsJvCFspPeFDaK/edit#heading=h.gjdgxs - Exploit, Third Party Advisory
References	~~() https://drive.google.com/file/d/1SbZ63uqg6QJYjPFcLY5wBqWrh-NMrnZq/view?usp=drive_link -~~	() https://drive.google.com/file/d/1SbZ63uqg6QJYjPFcLY5wBqWrh-NMrnZq/view?usp=drive_link - Exploit
References	~~() https://vuldb.com/?ctiid.302011 -~~	() https://vuldb.com/?ctiid.302011 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.302011 -~~	() https://vuldb.com/?id.302011 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.521723 -~~	() https://vuldb.com/?submit.521723 - Third Party Advisory, VDB Entry

01 Apr 2025, 20:26

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en TRENDnet TEW-818DRU 1.0.14.6. Se ha declarado problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /usr/sbin/httpd del componente HTTP Request Handler. La manipulación provoca una denegación de servicio. El ataque debe realizarse dentro de la red local. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió.

30 Mar 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-30 20:15

Updated : 2025-07-18 15:50

NVD link : CVE-2025-2958

Mitre link : CVE-2025-2958

CVE.ORG link : CVE-2025-2958

JSON object : View

Products Affected

trendnet

tew-818dru_firmware
tew-818dru

CWE

CWE-404

Improper Resource Shutdown or Release

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2025-2958

6.5^/10

6.1^/10

Attach tags to `CVE-2025-2958`