Volerion logoVolerion
Volerion logoVolerion

Gladinet Triofox Server Agent WOSHttpStatusModule NULL Function Pointer Call Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Gladinet Triofox Server Agent versions prior to 17.1.10488.57063. The issue arises in the WOSHttpStatusModule.dll, which is supposed to handle requests with URL paths starting from /status or /sysinfo. Since this DLL is not included in the installation, a function pointer intended to call a module loading function is set to NULL. This leads to a crash by calling a function at a NULL address, causing an access violation.

Impact

Exploitation of this vulnerability leads to a crash of the application, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a request to the Triofox Server Agent Access Service on TCP port 7878 with a URL path that starts with /status or /sysinfo. The server will respond with a connection reset, indicating that the application has crashed.

Remediation

Users are advised to upgrade to Gladinet Triofox Server Agent version 17.3.10565.57509 or later.

Added: May 28, 2026, 3:24 AM
Updated: May 28, 2026, 3:24 AM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
8.7
remediation
0.0
relevance
9.1
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.