TRENDnet TPL-430AP Denial-of-Service Vulnerability Due to Misconfigured User Limit

Vulnerability

A denial-of-service vulnerability has been identified in the TRENDnet TPL-430AP access point running firmware version 1.0. The issue arises because the 'USERLIMIT_GLOBAL' option in the bftpd-related configuration file is set to 0, allowing an unlimited number of users to connect. This misconfiguration can lead to denial-of-service attacks, as the server may become overwhelmed with connections, even though clients are disconnected after a short period.
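When reviewing an extracted firmware image or a device configuration, the setting described above can be checked mechanically. The following audit script is an added example, not code from this advisory or from the vendor; the sample configuration is constructed, and USERLIMIT_SINGLEUSER and USERLIMIT_HOST are stock bftpd options that the advisory does not mention.

```python
import re

# Constructed sample in bftpd.conf syntax; not taken from the TPL-430AP firmware.
SAMPLE_CONF = '''
global{
  PORT="21"
  USERLIMIT_GLOBAL="0"   # 0 = unlimited, the setting the advisory reports
  USERLIMIT_HOST="2"
}
user ftp {
  USERLIMIT_SINGLEUSER="5"
}
'''

# Connection-limit options of stock bftpd; only USERLIMIT_GLOBAL is named in the advisory.
LIMIT_OPTIONS = ("USERLIMIT_GLOBAL", "USERLIMIT_SINGLEUSER", "USERLIMIT_HOST")
BLOCK_OPEN = re.compile(r'^(\w+)(?:\s+([^\s{]+))?\s*\{$')
OPTION = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')

def parse_conf(text):
    """Return {scope: {option: value}} per block, e.g. 'global' or 'user ftp'."""
    scopes, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # treat '#' to end of line as a comment
        m = BLOCK_OPEN.match(line)
        if m:
            current = " ".join(p for p in m.groups() if p)
            scopes.setdefault(current, {})
        elif line == "}":
            current = None
        elif current is not None and (o := OPTION.match(line)):
            scopes[current][o.group(1)] = o.group(2)
    return scopes

def audit_limits(text):
    """Return (scope, option, value, status) for each connection-limit option."""
    findings = []
    for scope, opts in parse_conf(text).items():
        for name in LIMIT_OPTIONS:
            value = opts.get(name)
            if value is None:
                if scope != "global":
                    continue  # option not overridden in this block
                status = "unset"
            elif not value.isdecimal():
                status = "invalid"
            else:
                status = "ok" if int(value) > 0 else "unlimited"
            findings.append((scope, name, value, status))
    return findings
```

Any finding with status "unlimited" in the global scope corresponds to the condition this advisory describes; "unset" and "invalid" entries should be reviewed by hand.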

Impact

Exploitation of this vulnerability can lead to denial-of-service conditions, where the device becomes overwhelmed with connections, potentially causing legitimate users to be disconnected or unable to connect.

Reproduction

The vulnerability can be reproduced by connecting an unlimited number of users to the TRENDnet TPL-430AP access point. The device will allow all connections, leading to a denial-of-service condition.

Added: Jul 21, 2025, 4:36 PM
Updated: Jul 21, 2025, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 0.3
threat: 1.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.